[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: [K12OSN] Port 963

From: Ben Nickell <twinprism athena physics isu edu>
To: k12osn redhat com
Subject: Re: [K12OSN] Port 963
Date: Tue Nov 25 15:08:03 2003

Darryl L. Palmer, Jr. wrote:

I would recommend probably running the server in single-user mode and
running chkrootkit.  Almost any scriptkiddie can grab a rootkit and
install it on your system if they are able to break in.  Most of the
better rootkits at least change ps and netstat so that you either don't
see them on your system or you are given incorrect addresses.
Darryl

Chris Hobbs said:

dloomis cox-internet com wrote:

In running nmap on my server it shows port 963 open. I cannot discern what it is. A google search didn't reveal much. I am concerned that it is something that should not be here.

netstat -p

This will identify the process that has the port open on the box

You can also try (as root)

/sbin/fuser -v 963/tcp

This should give you the name of the process using that port. This may also be modified by a rootkit, so if you suspect something's up verifying checksums would be a good idea.

Running chkrootkit (after installing it, yum install chkrootkit or apt-get install chkrootkit) wouldn't be a bad idea either.

Follow-Ups:
- Re: [K12OSN] Port 963
  - From: Darryl L. Palmer, Jr.

References:
- [K12OSN] Port 963
  - From: dloomis
- Re: [K12OSN] Port 963
  - From: Chris Hobbs
- Re: [K12OSN] Port 963
  - From: Darryl L. Palmer, Jr.

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]