I noticed that if I telnet to port 65535 on my machine, I almost get a
telnet prompt. Here is what I get:
> telnet ad1440.net 65535
Trying 209.95.121.219...
Connected to ad1440.net.
Escape character is '^]'.
Then it sits there forever. However, as far as I knew, I had nothing
supposed to be listening on port 65535. So I decided to check out what
was listening on that port with
# fuser -n tcp local_port 65535
local_port/tcp: invalid specificiation
65535/tcp: 12463
# ps -alxww | grep 12268 | grep -v grep
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
040 0 12463 1 0 0 852 24 wait_f S ? 0:00 (kflushd)
So, it appears that kflushd is listening on port 65535 and returning an
almost-telnet prompt when connected to. This does not seem normal to me.
Am I running a compromised kflushd? Or do the parentheses around the
process name mean something? I notice that I'm running 2 kflushd
processes, and that's possibly quite significant, but I'm not sure what
the brackets/parens around the process name mean. Both have a parent
process of 1 (init).
# ps -alxww | grep kflushd | grep -v grep
F UID PID PPID PRI NI VSZ RSS WCHAN STAT TTY TIME COMMAND
040 0 2 1 0 0 0 0 bdflus SW ? 13:52 [kflushd]
040 0 12463 1 0 0 852 24 wait_f S ? 0:00 (kflushd)
Does anyone have any clues what is going on?
==============================================================================
[EMAIL PROTECTED] S/W Developer http://www.ad1440.net/~devnull
==============================================================================
Linux Viruscan: Windows 95/98/NT Found Remove it ? (Y/y)
==============================================================================
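
Added example, not part of the original post: a triage check over the ps rows quoted above. It relies on the fact that a kernel thread has no user address space, so its VSZ and RSS are 0; a process that carries a kernel thread's name but has memory mapped is an ordinary userland process. The function names and the inetd row are constructed for illustration, and the column layout is assumed to match the ps output in the post.

```shell
#!/bin/sh
# Constructed sample: the two kflushd rows quoted in the post, plus one
# made-up ordinary process (inetd) for contrast.
sample_ps() {
cat <<'EOF'
  F UID   PID  PPID PRI NI  VSZ RSS WCHAN  STAT TTY  TIME COMMAND
040   0     2     1   0  0    0   0 bdflus SW   ?   13:52 [kflushd]
040   0 12463     1   0  0  852  24 wait_f S    ?    0:00 (kflushd)
140   0   310     1   0  0 1104 388 do_sel S    ?    0:01 inetd
EOF
}

# Reads ps rows in the layout above on stdin and prints "PID NAME VSZ" for
# every process that shares its bare name with a kernel thread (a row with
# VSZ 0 and RSS 0) but itself has user-space memory mapped.
find_kthread_lookalikes() {
    awk '
    $1 == "F" { next }                       # skip the header row
    NF >= 13 {
        name = $13
        c = substr(name, 1, 1)
        if (c == "[" || c == "(")            # drop the [..] or (..) decoration
            name = substr(name, 2, length(name) - 2)
        n++
        pid[n] = $3; vsz[n] = $7 + 0; nm[n] = name
        if ($7 + 0 == 0 && $8 + 0 == 0)      # no address space: kernel thread
            kthread[name] = 1
    }
    END {
        for (i = 1; i <= n; i++)
            if ((nm[i] in kthread) && vsz[i] > 0)
                print pid[i], nm[i], vsz[i]
    }'
}

# Stand-alone run over the constructed sample.
sample_ps | find_kthread_lookalikes
```

On a live system the same function can be fed the output of ps -alxww directly; a flagged PID is worth following up through /proc/PID/exe and the fuser result for the listening port.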