I can see two possibilities:
A bug in your kernel (may be possible ...)
Something 'hidden' is attached in this port.
If you reboot and the port is still in use, you should consider to do a
serious forensic
2013/5/9 W Forum W <wfor...@gmail.com>
> Strange,
>
> nc says
> retrying local 0.0.0.0:769 : Address already in use
> retrying local 0.0.0.0:769 : Address already in use
> retrying local 0.0.0.0:769 : Address already in use
> retrying local 0.0.0.0:769 : Address already in use
> Can't grab 0.0.0.0:769 with bind
>
> but nmap says
>
> PORT STATE SERVICE
> 769/tcp closed vid
>
> any ideas why?
> thanks
>
> On 05/08/2013 03:45 PM, Yago Jesus wrote:
>
> This is so weird.
>
> If you have installed netcat, please try to bind it in 769 port.
>
> nc -l -p 769 (at least in my netcat, other versions could use another
> flags)
>
> 2013/5/8 W Forum W <wfor...@gmail.com>
>
>> Outcome of the TCP tests
>>
>> [*]Starting TCP checkingFound Hidden port that not appears in ss: 769
>>
>> But the netstat or ss commands displayed nothing about the hidden TCP
>> port 769
>>
>> Any ideas?
>> Thanks
>>
>>
>> On 05/07/2013 11:42 PM, Yago Jesus wrote:
>>
>> Could you download the latest version of Unhide from
>> http://unhide-forensics.info/ and do the TCP tests ?
>>
>> Thank you !
>>
>> 2013/5/7 W Forum W <wfor...@gmail.com>
>>
>>> Hi,
>>>
>>> Thanks for your reply
>>> Attached the ouput of
>>>
>>> Many thanks
>>>
>>> On 05/07/2013 07:50 PM, Yago Jesus wrote:
>>>
>>> Hi,
>>>
>>> Could you provide us the output of:
>>>
>>> ss -lt
>>>
>>> netstat -tanp
>>>
>>> lsof +c 0 -iTCP | grep -i liste
>>>
>>> Thank you !!
>>>
>>> 2013/5/6 W Forum W <wfor...@gmail.com>
>>>
>>>> Hi,
>>>>
>>>> I have 2 identically installed servers (debian wheezy) with the same
>>>> version of rkhunter (1.4.0-1)
>>>> one of the servers gives a warning
>>>> *Warning: Hidden ports found:
>>>> Port number: TCP:769*
>>>>
>>>> If I check the port on both server, the state of the port is the same
>>>> *PORT STATE SERVICE
>>>> 769/tcp closed vid*
>>>>
>>>> Why give one server a warning and the other not.
>>>> Do I overlook something?
>>>>
>>>> Many thanks
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
>>>> Get 100% visibility into your production application - at no cost.
>>>> Code-level diagnostics for performance bottlenecks with <2% overhead
>>>> Download for free and get started troubleshooting in minutes.
>>>> http://p.sf.net/sfu/appdyn_d2d_ap1
>>>> _______________________________________________
>>>> Rkhunter-users mailing list
>>>> Rkhunter-users@lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/rkhunter-users
>>>>
>>>>
>>>
>>
>
------------------------------------------------------------------------------
Learn Graph Databases - Download FREE O'Reilly Book
"Graph Databases" is the definitive new guide to graph databases and
their applications. This 200-page book is written by three acclaimed
leaders in the field. The early access version is available now.
Download your free book today! http://p.sf.net/sfu/neotech_d2d_may
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
