[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] Re: [cobalt-users] ssh on port 44658???

Subject: RE: [cobalt-security] Re: [cobalt-users] ssh on port 44658???
From: "Loryan Strant" <cobalt-emails@xxxxxxxxxx>
Date: Tue, 17 Apr 2001 18:24:01 +1000
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

I've found that "/usr/sbin/nscd" is the responsible program for that port
being open. I don't know what that program is, as it is not found on our
backup RaQ4 server (which mind you has a lot less updates and programs
installed).
I know that my server is now untrustworthy, but would it be a good idea to
rename/delete this file in the meantime?

Thanks,

Loryan

-----Original Message-----
From: cobalt-security-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]On Behalf Of Rob Kennedy
Sent: Tuesday, 17 April 2001 3:30 AM
To: cobalt-users@xxxxxxxxxxxxxxx
Cc: cobalt-security@xxxxxxxxxxxxxxx
Subject: [cobalt-security] Re: [cobalt-users] ssh on port 44658???

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Go grab a copy of lsof and grep for LISTEN, or run netstat -anp |grep
LISTEN and see what is actually running, then take a look through your
inetd.conf of /etc/services to see if it was set up in there..  do a ps
auxw to see what user started it.. find the file that starts it, and see
when it was installed.. do a last -a to see who was logged in at the time
and from where.. etc..  things i would do..

Rob

- --
Rob Kennedy
ASPRE, Inc.
rkennedy@xxxxxxxxx
http://www.aspre.net/

Managed e-Business that works
- ---------------------------------
the first exclusive e-Business Application Service Provider (ASP)

t. 215.957.2266 Ext. 2145
f. 215.957.2277

113 Rock Road
Horsham, PA 19044

On Mon, 16 Apr 2001, Loryan Strant wrote:

> Hi,
>
> While doing a routine portscan of my RaQ4, I noticed that port 44658 is
> running SSH 1.5-1.2.27.
>
> I know for a fact that I didn't set that up, as I'm running OpenSSH 2.1.1
on
> a completely different port.
>
> Does anyone have any ideas as to what this is?
>
> Thanks,
>
> Loryan
>
> _______________________________________________
> cobalt-users mailing list
> cobalt-users@xxxxxxxxxxxxxxx
> To Subscribe or Unsubscribe, please go to:
> http://list.cobalt.com/mailman/listinfo/cobalt-users
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.4 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE62ywkgExIAP5wKEsRAnzGAJ9/tYjyOfF+J89ZOacHOYrztBfNHACfbpcC
WFqnbSE2d/Fd/gc4UJd7Y38=
=VZgc
-----END PGP SIGNATURE-----

_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security

Follow-Ups:
- RE: [cobalt-security] Re: [cobalt-users] ssh on port 44658???
  - From: Rob Kennedy
- Re: [cobalt-security] Re: [cobalt-users] ssh on port 44658???
  - From: Gareth Bromley
- RE: [cobalt-security] Re: [cobalt-users] ssh on port 44658???
  - From: shimi
- RE: [cobalt-security] Re: [cobalt-users] ssh on port 44658???
  - From: Paul Gillingwater
- RE: [cobalt-security] Re: [cobalt-users] ssh on port 44658???
  - From: Åke Brännström

References:
- [cobalt-security] Re: [cobalt-users] ssh on port 44658???
  - From: Rob Kennedy

Prev by Date: [cobalt-security] ORBS complaint - relaying
Next by Date: [cobalt-security] [cobalt-users] ssh on port 44658???
Previous by thread: [cobalt-security] Re: [cobalt-users] ssh on port 44658???
Next by thread: RE: [cobalt-security] Re: [cobalt-users] ssh on port 44658???

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index