[Snort-users] Port open question
gbinder at ...462...
Wed Apr 4 13:09:27 EDT 2001
Joe Matusiewicz on Wed, Apr 04, 2001 at 12:50:27PM -0400:
> This doesn't sound good. Something running on a port and you don't know
> what it is. Perhaps the version of netstat you're using has been replaced
> by the Bad Guys (TM) if you were r00ted. If you ran tripwire, you could
> check to see if it was your original netstat binary. I would bring in
> another version of netstat via floppy from another machine to see what it
> might say is running on that port. Personally I prefer to use lsof for this.
The reason netstat -a didn't show this is that it resolves 2766 using
/etc/services to "listen".
Gregor Binder <gregor.binder at ...462...> http://sysfive.com/
sysfive.com GmbH UNIX. Networking. Security. Applications.
PGP id: 0x20C6DA55 fp: 18AB 2DD0 F8FA D710 1EDC A97A B128 01C0 20C6 DA55
More information about the Snort-users