Seif Attar wrote:
> On Thu, 2008-05-01 at 12:02 +0100, Tony Arnold wrote:
>> Seif,
>>
>> Seif Attar wrote:
>>
>>> I installed nessus on one ubuntu machine, and set the target to another
>>> ubuntu machine on the lan, after it finished, the report had a lot of
>>> warning and threats, but I assume they are ok, as they are services i
>>> know, and that i want running, one thing worried is a service running on
>>> port 2000, nessus said it's sometimes used by trojan horses, my first
>>> test was to access the server on that port with a web browser (epiphany)
>>> the response was a file download "eX87YDOb.exe.part", which got me really
>>> worried now! running "sudo netstat -n -tap | grep 2000" returns
>>> tcp 0 0 0.0.0.0:2000 0.0.0.0:* LISTEN 6096/inetd
>>>
>>> so if it's inetd, where does that file download come from?? should i be
>>> worried? any links on what to do when you think your machine is
>>> compromised?
>> Have a look in /etc/services to see what service port 2000 is known by.
>> On my system, it says 'Seive mail filter daemon'. Also look in
>> /etc/inetd.conf to see what inetd is listening for and what it invokes
>> when a connection is received on port 2000.
>>
>
> the relevant line in /etc/inetd.conf is:
>
> 2000 nobody /usr/sbin/tcpd /usr/sbin/nbdrootd /opt/ltsp/images/amd64.img
>
> just googled what nbdrootd does, and i guess mythtv installed it? or
> it's used by it.
>
> if i open the address host:2000 in a browser on a remote machine, i get
> an exe.part file, if i do it locally, i get a bin.part file, i ran strings
> on the files hoping to find something useful, all it had was NBDMAGIC,
> why is inetd and ltsp returning these files? is this normal behaviour?

I'm afraid I don't know anything about mythtv or ltsp! You could comment
out the line in inetd.conf and restart inetd and see if anything breaks!

Regards,
Tony.
-- 
Tony Arnold,                  Tel: +44 (0) 161 275 6093
Head of IT Security,          Fax: +44 (0) 870 136 1004
University of Manchester,     Mob: +44 (0) 773 330 0039
Manchester M13 9PL.           Email: [EMAIL PROTECTED]

-- 
ubuntu-uk@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk
https://wiki.ubuntu.org/UKTeam/
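
An added example, not part of the original thread: the file the browser saved contained NBDMAGIC because an NBD server sends its greeting as soon as a client connects, and the browser stored those bytes as a download. The sketch below classifies such a greeting; the field layout follows the NBD protocol description rather than anything on this page, and the function names and sample bytes are constructed for illustration.

```python
import socket
import struct
import sys

INIT_PASSWD = b"NBDMAGIC"            # first 8 bytes of every NBD server greeting
OLDSTYLE_MAGIC = 0x0000420281861253  # second field in old-style negotiation
NEWSTYLE_MAGIC = 0x49484156454F5054  # ASCII "IHAVEOPT", new-style negotiation


def classify_banner(data: bytes) -> dict:
    """Classify the first bytes a server sends unprompted (hypothetical helper)."""
    if not data.startswith(INIT_PASSWD):
        return {"service": "unknown"}
    if len(data) < 16:
        return {"service": "nbd", "style": "truncated"}
    (magic,) = struct.unpack(">Q", data[8:16])
    if magic == OLDSTYLE_MAGIC:
        info = {"service": "nbd", "style": "oldstyle"}
        if len(data) >= 28:
            # 64-bit export size and 32-bit flags follow, then 124 reserved bytes
            size, flags = struct.unpack(">QI", data[16:28])
            info.update(export_bytes=size, flags=flags)
        return info
    if magic == NEWSTYLE_MAGIC:
        return {"service": "nbd", "style": "newstyle"}
    return {"service": "nbd", "style": "unrecognised"}


def grab_banner(host: str, port: int, timeout: float = 3.0) -> bytes:
    """Connect, send nothing, and read whatever greeting the server volunteers."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.settimeout(timeout)
        try:
            return sock.recv(152)
        except socket.timeout:
            return b""


# Constructed sample: an old-style greeting for a 64 MiB export.
SAMPLE = INIT_PASSWD + struct.pack(">QQI", OLDSTYLE_MAGIC, 64 * 2**20, 0) + bytes(124)

if __name__ == "__main__":
    if len(sys.argv) == 3:
        print(classify_banner(grab_banner(sys.argv[1], int(sys.argv[2]))))
    else:
        print(classify_banner(SAMPLE))
```

Run with a host and port as arguments to classify a live listener on your own network, or with no arguments to classify the constructed sample.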