extra open ports in rkhunter
carlj at peak.org
Sun Sep 19 03:59:49 UTC 2010
Chuck Swiger <cswiger at mac.com> writes:
> On Sep 18, 2010, at 4:27 PM, Carl Johnson wrote:
>> The following are the ports if anybody has any ideas, but I would also like to know how to trace them down myself:
>> tcp4 0 0 *.876 *.* LISTEN
>> tcp6 0 0 *.921 *.* LISTEN
>> udp4 0 0 *.608 *.*
>> udp6 0 0 *.952 *.*
>> udp6 0 0 *.804 *.*
> lsof -i tcp:876
> ...and so forth for the other ports; this will give you the process ID of whatever is holding that socket.
lsof -i doesn't show any of those five ports. It seems to show the same
ones as sockstat. I should have mentioned previously that I verified
the tcp ports were open with nmap, but that wouldn't tell me what they
were. I haven't figured out how to even verify the udp ports are
connected or open. I also should have mentioned that I don't have any
reason to think that my system is infected, but I just wanted to
understand the difference.
Thanks for the reply. I had completely forgotten about lsof.
Carl Johnson carlj at peak.org
More information about the freebsd-questions