[Snort-users] Port open question

Gregor Binder gbinder at ...462...
Wed Apr 4 13:09:27 EDT 2001

Joe Matusiewicz on Wed, Apr 04, 2001 at 12:50:27PM -0400:


> This doesn't sound good.  Something running on a port and you don't know 
> what it is.  Perhaps the version of netstat you're using has been replaced 
> by the Bad Guys (TM) if you were r00ted.  If you ran tripwire, you could 
> check to see if it was your original netstat binary.  I would bring in 
> another version of netstat via floppy from another machine to see what it 
> might say is running on that port.  Personally I prefer to use lsof for this.

The reason netstat -a didn't show this is that it resolves 2766 using
/etc/services to "listen".


Gregor Binder       <gregor.binder at ...462...>      http://sysfive.com/
sysfive.com GmbH               UNIX. Networking. Security. Applications.
PGP id: 0x20C6DA55 fp: 18AB 2DD0 F8FA D710 1EDC A97A B128 01C0 20C6 DA55

More information about the Snort-users mailing list