[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Edlug Archive Mar 2004 ]

Re: [edlug] open ports concern



On Sun, 28 Mar 2004 10:12:59 +0100
Paul McClung <paul@xxx.xxx.xxx> wrote:

> HI wander if anyone can shed any light on this a recent diff check on my 
> system has shown up 2 new ports opened these are 6389 and 2071 this has me a 
> bit worried any sugestion as to what might be using these ports 

I think the last column (if it's been wrapped - 2nd line if it's not
been wrapped) is PID / process name, rather than port.  The 4th column
is host:port.  

> +tcp        0      0 *:x11                   *:*                     LISTEN      
> 6389/X

X with PID 6389 is listening on the x11 port.  Although modern XFree86
does have security to prevent unauthorised connections, unless you
really need to connect with remote clients via TCP you're best to use
the -nolisten tcp option.  This is usually done in
/etc/X11/xinit/xserverrc and I think most linux distros do it by
default.

>  tcp        0      0 *:ssh                   *:*                     LISTEN      
> 2109/sshd

SSH with pid 2109 is listening on the ssh port.  I'm guessing you need
remote ssh capability.

HTH,

Alistair
-
----------------------------------------------------------------------
You can find the EdLUG mailing list FAQ list at:
http://www.edlug.org.uk/list_faq.html



This archive is kept by wibble@morpheux.org.DONTSPAMME
homepage