BTW, those two ports (4156 and 4154) do not show up in the /etc/services. I had already checked there. Apparantly, those are the outbound ports. Someone else pointed me to use netstat -anp and that gave me the process id which I traced down to McAfee's autoupdate program that is used in conjunction with our MailScanner program.
Thanks Steve At 09:32 PM 9/24/2002 -0400, you wrote: >-----BEGIN PGP SIGNED MESSAGE----- >Hash: SHA1 > >On Tuesday 24 September 2002 09:00 pm, Steve Buehler wrote: > > Can anybody point me to a list of ports would be used on a linux based > > system. I have a weird one showing up on a netstat report: > >The file /etc/services is a good place to start. > > > /etc# netstat -na | grep 161.69.201.237 > > tcp 0 0 > > my_machines_ip_here:4156 161.69.201.237:20 ESTABLISHED > > tcp 128 0 > > my_machines_ip_here:4154 161.69.201.237:21 CLOSE > >Looks like an ftp session from your machine to 161.69.201.237 > > > I am trying to find out what they are because I received an report from > > another server: > > "Possible slapper worm infected host on your network. My timezone is > > GMT 0" > > > > I have checked my version of openssl and it is 0.9.6-3. I noticed that > > the fix for the Linux.Slapper.Worm (according to Redhats site) is to > > have at least version 0.9.5a-29. So theoretically, I shouldn't have a > > problem with that worm.....I think. > >Have you checked the contents of /tmp? The worm doesn't do much to hide >it's presence. If infected, you'll probably find the file bugtrac.c in >that directory. Note, newer versions of the worm have been found, the >file names have changed but the evidence still exists in /tmp, I believe. > >- -- >- -Michael > >pgp key: http://www.tuxfan.homeip.net:8080/gpgkey.txt >Red Hat Linux 7.{2,3} in 8M of RAM: http://www.rule-project.org/ >- -- >-----BEGIN PGP SIGNATURE----- >Version: GnuPG v1.0.6 (GNU/Linux) >Comment: For info see http://www.gnupg.org > >iEYEARECAAYFAj2REh8ACgkQn/07WoAb/StiDACfYh0E85WZXbnKr3RJ2kbDZFT4 >hsAAn2oez4ZfzNzfev4C2uplaYitQF98 >=tFpZ >-----END PGP SIGNATURE----- > > > >-- >redhat-list mailing list >unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe >https://listman.redhat.com/mailman/listinfo/redhat-list > >-- >This message has been scanned for viruses and >dangerous content by MailScanner, and is >believed to be clean. >ow3 -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. ow3 -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
