port 994
Hi All,
I am not understanding this. When I run a nmap localhost, it tells me
port 994 and 988 are open. I do not know why, and I cannot seem to find
it... Maybe the brute-force ssh cracking guys came through? I cannot
imagine, my box doesn't 'look' compromised, and I have hard to guess
passwords. Also, when I see these guys in my logs (I use logcheck
hourly) I block their IP's quite quickly in /etc/hosts.deny.
Anyone any suggestions on how to find out which process is opening up
these ports? I guess it is some fancy netstat option... I read the
manpage but boy this is complicated (and I run Linux for 10 yrs now...)
Thanx!
Pim
# nmap localhost
Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2005-02-21
20:45 CET
Interesting ports on localhost (127.0.0.1):
(The 1648 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
110/tcp open pop3
111/tcp open rpcbind
143/tcp open imap
443/tcp open https
465/tcp open smtps
587/tcp open submission
988/tcp open unknown
993/tcp open imaps
994/tcp open ircs
995/tcp open pop3s
3306/tcp open mysql
8009/tcp open ajp13
Reply to: