-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday 24 September 2002 09:00 pm, Steve Buehler wrote: > Can anybody point me to a list of ports would be used on a linux based > system. I have a weird one showing up on a netstat report:
The file /etc/services is a good place to start. > /etc# netstat -na | grep 161.69.201.237 > tcp 0 0 > my_machines_ip_here:4156 161.69.201.237:20 ESTABLISHED > tcp 128 0 > my_machines_ip_here:4154 161.69.201.237:21 CLOSE Looks like an ftp session from your machine to 161.69.201.237 > I am trying to find out what they are because I received an report from > another server: > "Possible slapper worm infected host on your network. My timezone is > GMT 0" > > I have checked my version of openssl and it is 0.9.6-3. I noticed that > the fix for the Linux.Slapper.Worm (according to Redhats site) is to > have at least version 0.9.5a-29. So theoretically, I shouldn't have a > problem with that worm.....I think. Have you checked the contents of /tmp? The worm doesn't do much to hide it's presence. If infected, you'll probably find the file bugtrac.c in that directory. Note, newer versions of the worm have been found, the file names have changed but the evidence still exists in /tmp, I believe. - -- - -Michael pgp key: http://www.tuxfan.homeip.net:8080/gpgkey.txt Red Hat Linux 7.{2,3} in 8M of RAM: http://www.rule-project.org/ - -- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iEYEARECAAYFAj2REh8ACgkQn/07WoAb/StiDACfYh0E85WZXbnKr3RJ2kbDZFT4 hsAAn2oez4ZfzNzfev4C2uplaYitQF98 =tFpZ -----END PGP SIGNATURE----- -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED]?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
