On Thu, 2008-05-01 at 12:02 +0100, Tony Arnold wrote:
> Seif,
> 
> Seif Attar wrote:
> 
> > I installed nessus on one ubuntu machine, and set the target to another
> > ubuntu machine on the lan, after it finished, the report had a lot of
> > warnings and threats, but I assume they are ok, as they are services I
> > know, and that I want running, one thing that worried me is a service running on
> > port 2000, nessus said it's sometimes used by trojan horses, my first
> > test was to access the server on that port with a web browser (epiphany)
> > the response was a file download "eX87YDOb.exe.part", which got me really
> > worried now! running "sudo netstat -n -tap | grep 2000" returns
> > tcp        0      0 0.0.0.0:2000            0.0.0.0:*               LISTEN      6096/inetd
> > 
> > so if it's inetd, where does that file download come from?? should I be
> > worried? any links on what to do when you think your machine is
> > compromised?
> 
> Have a look in /etc/services to see what service port 2000 is known by.
> On my system, it says 'Seive mail filter daemon'. Also look in
> /etc/inetd.conf to see what inetd is listening for and what it invokes
> when a connection is received on port 2000.
> 

the relevant line in /etc/inetd.conf is:

2000 nobody /usr/sbin/tcpd /usr/sbin/nbdrootd /opt/ltsp/images/amd64.img

Just googled what nbdrootd does, and I guess mythtv installed it? Or
it's used by it.

If I open the address host:2000 in a browser on a remote machine, I get
an exe.part file, if I do it locally, I get a bin.part file. I ran strings
on the files hoping to find something useful, all it had was NBDMAGIC.
Why is inetd and ltsp returning these files? Is this normal behaviour?


-- 
ubuntu-uk@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk
https://wiki.ubuntu.org/UKTeam/
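
Added example, not part of the original message: NBDMAGIC, the string that strings found in the downloaded file, is the first field of the greeting a network block device (NBD) server sends as soon as a client connects. The sketch below reads whatever a listener volunteers on connect and checks it against that greeting layout; the magic constants are taken from the NBD protocol, not from this thread, and the function names and sample bytes are constructed for illustration.

```python
import socket
import struct

NBD_INIT_MAGIC = b"NBDMAGIC"          # first 8 bytes of every NBD greeting
OLDSTYLE_MAGIC = 0x0000420281861253   # second field, oldstyle negotiation
NEWSTYLE_MAGIC = 0x49484156454F5054   # ASCII "IHAVEOPT", newstyle negotiation
OLDSTYLE_LEN = 152                    # 8 + 8 + 8 (size) + 4 (flags) + 124 pad


def classify_greeting(data: bytes) -> dict:
    """Classify bytes a listener sent unprompted right after connect."""
    if len(data) < 16 or data[:8] != NBD_INIT_MAGIC:
        return {"protocol": "unknown"}
    (magic,) = struct.unpack(">Q", data[8:16])
    if magic == OLDSTYLE_MAGIC:
        if len(data) < 28:
            return {"protocol": "nbd-oldstyle", "truncated": True}
        size, flags = struct.unpack(">QI", data[16:28])
        return {"protocol": "nbd-oldstyle", "truncated": False,
                "export_bytes": size, "flags": flags}
    if magic == NEWSTYLE_MAGIC:
        if len(data) < 18:
            return {"protocol": "nbd-newstyle", "truncated": True}
        (hflags,) = struct.unpack(">H", data[16:18])
        return {"protocol": "nbd-newstyle", "truncated": False,
                "handshake_flags": hflags}
    return {"protocol": "unknown"}


def read_greeting(host: str, port: int, timeout: float = 3.0) -> bytes:
    """Connect, send nothing, and return up to OLDSTYLE_LEN bytes received."""
    buf = b""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            while len(buf) < OLDSTYLE_LEN:
                chunk = s.recv(OLDSTYLE_LEN - len(buf))
                if not chunk:
                    break
                buf += chunk
        except socket.timeout:
            pass  # server stopped talking; classify what arrived
    return buf


# Constructed sample: oldstyle greeting advertising a 64 MiB export.
SAMPLE = (NBD_INIT_MAGIC
          + struct.pack(">QQI", OLDSTYLE_MAGIC, 64 << 20, 0) + bytes(124))

if __name__ == "__main__":
    print(classify_greeting(SAMPLE))
```

On a host you administer, `classify_greeting(read_greeting("127.0.0.1", 2000))` applies the same check to the live listener.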
