[TriLUG] possible intruder - advice?
Andrew Perrin
clists at perrin.socsci.unc.edu
Mon May 24 16:26:35 EDT 2004
It's rpc.mountd. The question is why, and why those machines are
connected to it.
----------------------------------------------------------------------
Andrew J Perrin - http://www.unc.edu/~aperrin
Assistant Professor of Sociology, U of North Carolina, Chapel Hill
clists at perrin.socsci.unc.edu * andrew_perrin (at) unc.edu
On Mon, 24 May 2004, Brent Verner wrote:
> [2004-05-24 13:49] Andrew Perrin said:
> | Thanks to all. Frankly, what's most worrisome to me is that 1025 appears
> | open, where other ports are not:
>
> try this to see if it'll show you which process is listenting
>
> sh# lsof -n|grep TCP|grep 1025
>
> b
>
> --
> TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
> TriLUG Organizational FAQ : http://trilug.org/faq/
> TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
> TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
>
More information about the TriLUG
mailing list