Cannot identify process of listening port 600/tcp6

Doug Hardie bc979 at lafn.org
Mon Feb 18 09:36:45 UTC 2019


> On 17 February 2019, at 22:56, BBlister <bblister at gmail.com> wrote:
> 
> From FreeBSD Forums
> https://forums.freebsd.org/threads/listening-port-600-tcp6-cannot-be-mapped-to-process-am-i-hacked.69624/#post-417787
> 
>> You could make the firewall log activity on that port.
>> Also, you can use tcpdump to analyze the content of the datagrams.
>> If I recall correctly, nmap has a service discovery mode and it can try to
>> detect what exactly is listening on the port.
>> 
> 
> My reply:
> I have executed tcpdump for 24 hours but I couldn't receive/send any packet
> destined for that port. This is a passive way of detecting what is
> happening, and involves reverse engineering, because the datagram may be
> encrypted.
> 
> It is difficult to wait for a packet to arrive or depart on port 600 (maybe
> it is a trojan waiting to be activated?).
> 
> I find it strange that FreeBSD does not have a tool to detect kernel
> listening sockets and the only way to detect what is happening is just by
> sniffing and trying to figure out the datagrams.
> 
> 
> What should I try next?

Possibly https://www.linuxquestions.org/questions/linux-security-4/nessus-security-notes-about-ipcserver-port-600-a-339908/ might provide some helpful information.


