
Re: Break-in? /usr/lib/telnetd, port 1037



Noah Meyerhans wrote:

On Mon, Jan 14, 2002 at 02:49:36PM -0600, Kent West wrote:

I've got a Debian box (2.2.17, mostly woody) that I've just discovered has a more-or-less hidden telnetd running on port 1037 as well as the normal telnetd on port 23. I thought I had uninstalled telnetd (although it's possible I forgot to remove it).


Having telnetd listening on port 1037 is definitely not normal.  telnet
listens for unencrypted connections on port 23 (as you mentioned) and can
listen on port 992 if you're running a secure SSL enabled version.  But
not 1037.


I'm thinking that somehow I've been broken into.


Quite possibly.


<snip>



Having telnetd listening on port 1037, if in fact it is, is probably not
a good thing.  Have you actually tried telnetting to that port ('telnet
localhost 1037')?


Yes, and I'm able to login via that port.

Does 'netstat -tlnp' indicate that the process using
that port is actually in "LISTEN" state?


chanslor[westk]:/home/westk> sudo netstat -tlnp
Password:
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:6010            0.0.0.0:*               LISTEN      6875/sshd
tcp        0      0 0.0.0.0:139             0.0.0.0:*               LISTEN      456/inetd
tcp        0      0 0.0.0.0:1037            0.0.0.0:*               LISTEN      456/inetd
tcp        0      0 0.0.0.0:901             0.0.0.0:*               LISTEN

etc etc


noah




Thanks for the info!

Kent
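
Following on from the netstat output in this message, the sketch below (an added example, not part of the original posts) maps each port that inetd holds in LISTEN state back to the inetd.conf line that opens it, so the server program behind the listener can be checked. The netstat rows are the ones posted; the /etc/services and inetd.conf contents are constructed samples, and the function names are hypothetical.

```python
# Listener rows as posted in the thread (column spacing collapsed).
NETSTAT = """\
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:6010 0.0.0.0:* LISTEN 6875/sshd
tcp 0 0 0.0.0.0:139 0.0.0.0:* LISTEN 456/inetd
tcp 0 0 0.0.0.0:1037 0.0.0.0:* LISTEN 456/inetd
"""
# Constructed samples: the thread never shows these two files.
SERVICES = """\
netbios-ssn 139/tcp
telnet 23/tcp
"""
INETD_CONF = """\
netbios-ssn stream tcp nowait root /usr/sbin/tcpd /usr/sbin/smbd
#telnet stream tcp nowait telnetd.telnetd /usr/sbin/tcpd /usr/sbin/in.telnetd
1037 stream tcp nowait root /usr/lib/telnetd telnetd
"""

def inetd_ports(netstat_text):
    """TCP ports in LISTEN state whose owning program is inetd."""
    ports = set()
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 7 and f[5] == "LISTEN" and f[6].endswith("/inetd"):
            ports.add(int(f[3].rsplit(":", 1)[1]))
    return ports

def service_map(services_text):
    """name -> port for tcp entries in /etc/services, including aliases."""
    names = {}
    for line in services_text.splitlines():
        f = line.split("#", 1)[0].split()
        if len(f) >= 2 and f[1].endswith("/tcp"):
            for name in [f[0]] + f[2:]:
                names[name] = int(f[1].split("/")[0])
    return names

def explain(netstat_text, conf_text, services_text):
    """port -> 'server args' from inetd.conf, or None if no active line opens it."""
    names = service_map(services_text)
    result = {p: None for p in inetd_ports(netstat_text)}
    for line in conf_text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0].startswith("#") or not f[2].startswith("tcp"):
            continue
        # The service field is either a name from /etc/services or a bare port.
        port = int(f[0]) if f[0].isdigit() else names.get(f[0])
        if port in result:
            result[port] = " ".join(f[5:])
    return result
```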


