Port 1025 is used for Remote File Sharing, but it is also used by certain trojans: Fraggle Rock, md5 Backdoor, NetSpy, Remote Storm.
I suggest that you either down your server remotely, or use IP Tables to block all ports but the ones you know you need. I'm guessing that you've already done an NMAP scan of your system to see if there are any other open ports. Jon Carnes On Mon, 2004-05-24 at 10:36, Marty Ferguson wrote: > Google "port 1025" > > TCP Port 1025. Common Use. Microsoft Remote Procedure Call (RPC) > www.linklogger.com/TCP1025.htm > > Are you running Samba? > > M > > -----Original Message----- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Behalf Of Andrew Perrin > Sent: Monday, May 24, 2004 9:26 AM > To: [EMAIL PROTECTED] > Subject: [TriLUG] possible intruder - advice? > > > I"m showing someone attached to my home machine's port 1025. This is, > needless to say, not something I like. fuser 1025/tcp and fuser 1025/udp > show nothing. 1025 isn't listed in /etc/services. What else should I look > at? > > ap > > ---------------------------------------------------------------------- > Andrew J Perrin - http://www.unc.edu/~aperrin > Assistant Professor of Sociology, U of North Carolina, Chapel Hill > [EMAIL PROTECTED] * andrew_perrin (at) unc.edu > > -- > TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug > TriLUG Organizational FAQ : http://trilug.org/faq/ > TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ > TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc -- TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug TriLUG Organizational FAQ : http://trilug.org/faq/ TriLUG Member Services FAQ : http://members.trilug.org/services_faq/ TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
