port 994

To: debian-isp@lists.debian.org
Subject: port 994
From: Pim Bliek <bliekp@pingwings.nl>
Date: Mon, 21 Feb 2005 20:49:24 +0100
Message-id: <[🔎] 910d2eed6a2f98eff5c4d4b70328ebef@pingwings.nl>

Hi All,

I am not understanding this. When I run a nmap localhost, it tells meport 994 and 988 are open. I do not know why, and I cannot seem to findit... Maybe the brute-force ssh cracking guys came through? I cannotimagine, my box doesn't 'look' compromised, and I have hard to guesspasswords. Also, when I see these guys in my logs (I use logcheckhourly) I block their IP's quite quickly in /etc/hosts.deny.

Anyone any suggestions on how to find out which process is opening upthese ports? I guess it is some fancy netstat option... I read themanpage but boy this is complicated (and I run Linux for 10 yrs now...)


Thanx!

Pim



# nmap localhost

Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2005-02-2120:45 CET

Interesting ports on localhost (127.0.0.1):
(The 1648 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
80/tcp   open  http
110/tcp  open  pop3
111/tcp  open  rpcbind
143/tcp  open  imap
443/tcp  open  https
465/tcp  open  smtps
587/tcp  open  submission
988/tcp  open  unknown
993/tcp  open  imaps
994/tcp  open  ircs
995/tcp  open  pop3s
3306/tcp open  mysql
8009/tcp open  ajp13

Reply to:

Follow-Ups:
- Re: port 994
  - From: Marcin Owsiany <porridge@debian.org>

Prev by Date: OT: Weird routing issues
Next by Date: Re: port 994
Previous by thread: Re: OT: Weird routing issues
Next by thread: Re: port 994
Index(es):
- Date
- Thread