hi,
On Sat, Sep 04, 1999 at 04:28:53AM -0700, N. N.M wrote:
> 1) I realized that the TCP ports of 6010,6011,6012 and 6013 are openly
> listening on my FreeBSD box. I don't know how this has happened, as they
> were not open before. They are related to X11 as far as I know. But I had
> already disabled XDM in /etc/ttys file. Could anybody tell me how I can
> disable this stuff? Or how they could get opened and listening?
>
> 2) This is some time that two UDP ports have got opened as well. Again, I
> don't have any idea on how they have got enabled. The ports are 1352 and
> 2699. Generally, how I can trace when a port gets suddenly enabled?
I can propose idea how to understand which process used this port.
for example -- how to find process which opened port 80 (aka http)
$ netstat -Ana | grep \*\.80
f0625d00 tcp 0 0 *.80 *.* LISTEN
$ fstat | grep f00625d00
nobody httpd 200 15* internet stream tcp f00625d00
first field is process owner
second - name of process
third - pid
-- /* Alexey Zelkin && phantom@cris.net */ /* Tavrical National University && phantom@crimea.edu */ /* http://www.ccssu.crimea.ua/~phantom && phantom@FreeBSD.org */
To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message -- end of forwarded message --
-- С тем, что не помешает никогда, Kittle