Not suspicious but a little open. Do you really need to have that printer port open?
ie port 631. You have both the udp and tcp open. If anything, you shouldn't have your
UDP open. put this exactly as you see it in your /etc/hosts.deny file:
ALL : ALL
That should plug up your system nicely for starters.
Rerun netstat and tell me what you see then.
Cheers,
-- Al
[EMAIL PROTECTED] wrote:
>
> Any of this stuff look suspicious to you?
>
> Proto Recv-Q Send-Q Local Address Foreign Address State
> tcp 0 0 *:32768 *:* LISTEN
> tcp 0 0 *:printer *:* LISTEN
> tcp 0 0 *:sunrpc *:* LISTEN
> tcp 0 0 *:6000 *:* LISTEN
> tcp 0 0 *:631 *:* LISTEN
> udp 0 0 *:sunrpc *:*
> udp 0 0 *:631 *:*
> Active UNIX domain sockets (only servers)
> Proto RefCnt Flags Type State I-Node Path
> unix 2 [ ACC ] STREAM LISTENING 6957 /tmp/.X11-unix/X0
> unix 2 [ ACC ] STREAM LISTENING 6429 /dev/printer
> unix 2 [ ACC ] STREAM LISTENING 7245 /tmp/.ICE-unix/748
> unix 2 [ ACC ] STREAM LISTENING 8469
> /tmp/ksocket-s/kdesud_:0
> unix 2 [ ACC ] STREAM LISTENING 6627 /tmp/.font-unix/fs-1
> unix 2 [ ACC ] STREAM LISTENING 7008
> /tmp/ksocket-s/kdeinit-:0
> unix 2 [ ACC ] STREAM LISTENING 7015 /tmp/.ICE-unix/668
> unix 2 [ ACC ] STREAM LISTENING 7133
> /tmp/mcop-s/localhost_localdomain-02d2-3a7af0eb
> unix 2 [ ACC ] STREAM LISTENING 7030
> /tmp/ksocket-s/klauncherPfMg8b.slave-socket
>
>
> TIA,
> -s
>
>
>
> On Friday 02 February 2001 09:02 pm, you wrote:
> > do a
> >
> > netstat -l
> >
> > to see what is listening on your ports.
> >
> > do a
> >
> > netstat -l -n
> >
> > to show only ip information.
> >
> > Cheers,
> > -- Al
> >
> > [EMAIL PROTECTED] wrote:
> > > Oohhh. Well, I have no other symptoms of a trojan. But not familiar
> > > with too many checks. What should I look at? I rarely download
> > > anything that isn't from rpmfind, except that doggone prazilla or what
> > > ever it was (I was having some difficulty downloading from http:// when
> > > someone on here was exclaiming the greatness of it. It never worked of
> > > course. Hmmm. I knew GoZilla was a no no for windows. Boy one can
> > > lapse into false sense of security was too easily sometimes. Okay, to
> > > dig around and scrap the remains of that out of here.
> > >
> > > Any other suggestions for the once security conscience?
> > >
> > > -s
> > > Just don't let the guys at grc hear about this! :)
> > >
> > > On Friday 02 February 2001 08:50 am, you wrote:
> > > > [EMAIL PROTECTED] wrote:
> > > > > Well yes, pmfirewall, but I don't see the connection. ??
> > > > > -s
> > > > >
> > > > > On Friday 02 February 2001 12:48 am, you wrote:
> > > > > > Hey s...you got a firewall up and running cause Mozilla doesn't
> > > > > > come with the KDE upgrades?
> > > >
> > > > The implication is this....
> > > >
> > > > If you have an rpm package of a program that doesn't come in that form
> > > > with any window manager let alone by mozilla.org itself, you have a
> > > > trojan program on your hands. It functions like normal, but there is
> > > > something "added" that is doing something that it is not supposed to be
> > > > doing. So you will need a firewall in order to prevent an exploit.
> > > >
> > > > Cheers
> > > > --Al
> > > > __________________________________________________________________
> > > > Get your own FREE, personal Netscape Webmail account today at
> > > > http://webmail.netscape.com/
> >
> > __________________________________________________________________
> > Get your own FREE, personal Netscape Webmail account today at
> > http://webmail.netscape.com/
>
>
__________________________________________________________________
Get your own FREE, personal Netscape Webmail account today at
http://webmail.netscape.com/
