hi
After a reboot the problem disappeared
Many thanks
Kin Regards
On 05/09/2013 04:00 PM, Yago Jesus wrote:
> I can see two possibilities:
>
> A bug in your kernel (may be possible ...)
>
> Something 'hidden' is attached in this port.
>
> If you reboot and the port is still in use, you should consider to do
> a serious forensic
>
> 2013/5/9 W Forum W <wfor...@gmail.com <mailto:wfor...@gmail.com>>
>
> Strange,
>
> nc says
> retrying local 0.0.0.0:769 <http://0.0.0.0:769> : Address already
> in use
> retrying local 0.0.0.0:769 <http://0.0.0.0:769> : Address already
> in use
> retrying local 0.0.0.0:769 <http://0.0.0.0:769> : Address already
> in use
> retrying local 0.0.0.0:769 <http://0.0.0.0:769> : Address already
> in use
> Can't grab 0.0.0.0:769 <http://0.0.0.0:769> with bind
>
> but nmap says
>
> PORT STATE SERVICE
> 769/tcp closed vid
>
> any ideas why?
> thanks
>
> On 05/08/2013 03:45 PM, Yago Jesus wrote:
>> This is so weird.
>>
>> If you have installed netcat, please try to bind it in 769 port.
>>
>> nc -l -p 769 (at least in my netcat, other versions could use
>> another flags)
>>
>> 2013/5/8 W Forum W <wfor...@gmail.com <mailto:wfor...@gmail.com>>
>>
>> Outcome of the TCP tests
>>
>> [*]Starting TCP checking
>> Found Hidden port that not appears in ss: 769
>>
>> But the netstat or ss commands displayed nothing about the
>> hidden TCP port 769
>>
>> Any ideas?
>> Thanks
>>
>>
>> On 05/07/2013 11:42 PM, Yago Jesus wrote:
>>> Could you download the latest version of Unhide
>>> from http://unhide-forensics.info/ and do the TCP tests ?
>>>
>>> Thank you !
>>>
>>> 2013/5/7 W Forum W <wfor...@gmail.com
>>> <mailto:wfor...@gmail.com>>
>>>
>>> Hi,
>>>
>>> Thanks for your reply
>>> Attached the ouput of
>>>
>>> Many thanks
>>>
>>> On 05/07/2013 07:50 PM, Yago Jesus wrote:
>>>> Hi,
>>>>
>>>> Could you provide us the output of:
>>>>
>>>> ss -lt
>>>>
>>>> netstat -tanp
>>>>
>>>> lsof +c 0 -iTCP | grep -i liste
>>>>
>>>> Thank you !!
>>>>
>>>> 2013/5/6 W Forum W <wfor...@gmail.com
>>>> <mailto:wfor...@gmail.com>>
>>>>
>>>> Hi,
>>>>
>>>> I have 2 identically installed servers (debian
>>>> wheezy) with the same version of rkhunter (1.4.0-1)
>>>> one of the servers gives a warning
>>>> /Warning: Hidden ports found:
>>>> Port number: TCP:769/
>>>>
>>>> If I check the port on both server, the state of
>>>> the port is the same
>>>> /PORT STATE SERVICE
>>>> 769/tcp closed vid/
>>>>
>>>> Why give one server a warning and the other not.
>>>> Do I overlook something?
>>>>
>>>> Many thanks
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Introducing AppDynamics Lite, a free
>>>> troubleshooting tool for Java/.NET
>>>> Get 100% visibility into your production
>>>> application - at no cost.
>>>> Code-level diagnostics for performance bottlenecks
>>>> with <2% overhead
>>>> Download for free and get started troubleshooting
>>>> in minutes.
>>>> http://p.sf.net/sfu/appdyn_d2d_ap1
>>>> _______________________________________________
>>>> Rkhunter-users mailing list
>>>> Rkhunter-users@lists.sourceforge.net
>>>> <mailto:Rkhunter-users@lists.sourceforge.net>
>>>> https://lists.sourceforge.net/lists/listinfo/rkhunter-users
>>>>
>>>>
>>>
>>
>
------------------------------------------------------------------------------
Try New Relic Now & We'll Send You this Cool Shirt
New Relic is the only SaaS-based application performance monitoring service
that delivers powerful full stack analytics. Optimize and monitor your
browser, app, & servers with just a few lines of code. Try New Relic
and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_may
_______________________________________________
Rkhunter-users mailing list
Rkhunter-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
