Seif, Seif Attar wrote:
> I installed nessus on one ubuntu machine, and set the target to another > ubuntu machine on the lan, after it finished, the report had a lot of > warning and threats, but I assume they are ok, as they are services i > know, and that i want running, one thing worried is a service running on > port 2000, nessus said it's sometimes used by trojan horses, my first > test was to access the server on that port with a web browser (epiphany) > the reponse was a file download "eX87YDOb.exe.part", which got me really > worried now! running "sudo netstat -n -tap | grep 2000" returns > tcp 0 0 0.0.0.0:2000 0.0.0.0:* > LISTEN 6096/inetd > > so if it's inetd, where does that file download come from?? should i be > worried? any links on what to do when you think your machine is > compromised? Have a look in /etc/services to see what service port 2000 is known by. On my system, it says 'Seive mail filter daemon'. Also look in /etc/inetd.conf to see what inetd is listening for and what it invokes when a connection is received on port 2000. HTH. Regards, Tony. -- Tony Arnold, Tel: +44 (0) 161 275 6093 Head of IT Security, Fax: +44 (0) 870 136 1004 University of Manchester, Mob: +44 (0) 773 330 0039 Manchester M13 9PL. Email: [EMAIL PROTECTED] -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.org/UKTeam/
