am i hacked?

  #1 (permalink)  
Old 03-06-2005
linuxnooby
 
Posts: n/a
Default am i hacked?

I have some weird ports open on my machine. I am running samba, webmin
and postfix. But I appear to have ports 10026 and 32822 open.

Does anybody understand what is going on???

cheers Dave


These are the ports listening on your machine :
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address         Foreign Address  State   PID/Program name
tcp   0      0      hostname:10026        *:*              LISTEN  30965/master
tcp   0      0      *:netbios-ssn         *:*              LISTEN  10521/smbd
tcp   0      0      *:11000               *:*              LISTEN  2324/perl
tcp   0      0      hostname:smtp         *:*              LISTEN  30965/master
tcp   0      0      *:microsoft-ds        *:*              LISTEN  10521/smbd
udp   0      0      hostname:netbios-ns   *:*                      10532/nmbd
udp   0      0      *:netbios-ns          *:*                      10532/nmbd
udp   0      0      hostname:netbios-dgm  *:*                      10532/nmbd
udp   0      0      *:netbios-dgm         *:*                      10532/nmbd
udp   0      0      *:10000               *:*                      2324/perl
udp   0      0      hostname:32822        *:*                      30452/smbd
  #2 (permalink)  
Old 03-07-2005
Alan Connor
 
Posts: n/a
Default Re: am i hacked?

On 6 Mar 2005 15:34:23 -0800, linuxnooby
<linuxnooby@yahoo.com.au> wrote:


> I have some weird ports open on my machine. I am running samba,
> webmin and postfix. But i appear to have ports 10026 and 32822
> open.
>
> does anybody understand what is going on???


Why don't you use a packet-logger like ethereal or tethereal
and have it pull out packets to and from those ports and check
them out?

AC



  #3 (permalink)  
Old 03-07-2005
Captain Dondo
 
Posts: n/a
Default Re: am i hacked?

On Sun, 06 Mar 2005 15:34:23 -0800, linuxnooby wrote:

> I have some weird ports open on my machine. I am running samba, webmin
> and postfix. But i appear to have ports 10026 and 32822 open.
>
> does anybody understand what is going on???


http://www.iana.org/assignments/port-numbers

ISTR that 1025 might be used for an alternate SMTP port for sendmail, so
perhaps postfix is using 1026 just to be different?

I don't know what would be on 32822....

I know there is a way to check which process is controlling which port,
but it escapes me right now....

--
o__
,>/'_ o__
(_)\(_) ,>/'_ o__
Yan Seiner (_)\(_) ,>/'_ o__
Certified Personal Trainer (_)\(_) ,>/'_ o__
Licensed Professional Engineer (_)\(_) ,>/'_
Engineer for hire - http://www.seiner.com/engineer.html (_)\(_)

use munged address above to email me
SpamTrap DoMeNow@seiner.com

  #4 (permalink)  
Old 03-07-2005
AT
 
Posts: n/a
Default Re: am i hacked?

On Sun, 06 Mar 2005 16:53:38 -0800, Captain Dondo wrote:

> On Sun, 06 Mar 2005 15:34:23 -0800, linuxnooby wrote:
>
>> I have some weird ports open on my machine. I am running samba, webmin
>> and postfix. But i appear to have ports 10026 and 32822 open.
>>
>> does anybody understand what is going on???
>
> http://www.iana.org/assignments/port-numbers
>
> ISTR that 1025 might be used for an alternate SMTP port for sendmail, so
> perhaps postfix is using 1026 just to be different?
>
> I don't know what would be on 32822....
>
> I know there is a way to check which process is controlling which port,
> but it escapes me right now....


lsof | grep LISTEN

HTH
Andreas
  #5 (permalink)  
Old 03-07-2005
Larry Gagnon
 
Posts: n/a
Default Re: am i hacked?

On Sun, 06 Mar 2005 15:34:23 -0800, linuxnooby wrote:

> I have some weird ports open on my machine. I am running samba, webmin
> and postfix. But i appear to have ports 10026 and 32822 open.
>
> does anybody understand what is going on???


Port numbers above 1024 are internal client/server applications on the
machine and are not available to the outside world. I don't think you have
a problem.

Larry Gagnon
  #6 (permalink)  
Old 03-07-2005
Jean-David Beyer
 
Posts: n/a
Default Re: am i hacked?

Larry Gagnon wrote:
> On Sun, 06 Mar 2005 15:34:23 -0800, linuxnooby wrote:
>
>> I have some weird ports open on my machine. I am running samba, webmin
>> and postfix. But i appear to have ports 10026 and 32822 open.
>>
>> does anybody understand what is going on???
>
> Port numbers above 1024 are internal client/server applications on the
> machine and are not available to the outside world. I don't think you have
> a problem.

I do not believe that.

kermit uses 1649
nfs uses 2049
pgpkeyserver uses 11371
traceroute uses 33434
....

--
.~. Jean-David Beyer Registered Linux User 85642.
/V\ PGP-Key: 9A2FC99A Registered Machine 241939.
/( )\ Shrewsbury, New Jersey http://counter.li.org
^^-^^ 22:25:00 up 46 days, 6:42, 3 users, load average: 4.31, 4.19, 4.16

  #7 (permalink)  
Old 03-07-2005
John Hasler
 
Posts: n/a
Default Re: am i hacked?

Larry Gagnon writes:
> Port numbers above 1024 are internal client/server applications on the
> machine and are not available to the outside world.


There is nothing about ports above 1024 that makes them "not available to
the outside world". The only thing special about them is that you do not
have to be root to open them.
--
John Hasler
john@dhh.gt.org
Dancing Horse Hill
Elmwood, WI USA
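
The two checks raised in this thread (which process owns each listening port, and which address it is bound to), as an added example that is not from any poster: it parses netstat-style rows, with the listing from the first post embedded as a constructed one-socket-per-line sample. The function names and the `EXPECTED` program list (including the guess that `perl` is webmin) are assumptions made for illustration.

```python
import re
from collections import namedtuple

Listener = namedtuple("Listener", "proto host port pid program scope")
WILDCARD = {"*", "0.0.0.0", "::", "[::]"}
LOOPBACK = {"localhost", "127.0.0.1", "::1", "[::1]"}
# Assumption: process names for the services the poster runs (postfix, samba, webmin).
EXPECTED = {"master", "smbd", "nmbd", "perl"}
# Constructed sample: the listing from the first post, one socket per line.
SAMPLE = """\
tcp 0 0 hostname:10026 *:* LISTEN 30965/master
tcp 0 0 *:netbios-ssn *:* LISTEN 10521/smbd
tcp 0 0 *:11000 *:* LISTEN 2324/perl
tcp 0 0 hostname:smtp *:* LISTEN 30965/master
tcp 0 0 *:microsoft-ds *:* LISTEN 10521/smbd
udp 0 0 hostname:netbios-ns *:* 10532/nmbd
udp 0 0 *:netbios-ns *:* 10532/nmbd
udp 0 0 hostname:netbios-dgm *:* 10532/nmbd
udp 0 0 *:netbios-dgm *:* 10532/nmbd
udp 0 0 *:10000 *:* 2324/perl
udp 0 0 hostname:32822 *:* 30452/smbd
"""

def parse_listeners(text):
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith(("tcp", "udp")):
            continue  # header line or wrapped fragment
        host, _, port = f[3].rpartition(":")
        has_state = re.fullmatch(r"[A-Z_0-9]+", f[5]) is not None  # UDP rows have none
        owner = " ".join(f[6 if has_state else 5:])
        pid, _, program = owner.partition("/")  # owner is "-" when run without root
        scope = ("all-interfaces" if host in WILDCARD
                 else "loopback" if host in LOOPBACK else "single-address")
        rows.append(Listener(f[0], host, port, pid if program else None, program or None, scope))
    return rows

def ports_by_process(rows):  # group sockets by owning PID/program
    grouped = {}
    for r in rows:
        grouped.setdefault((r.pid, r.program), []).append(f"{r.proto}/{r.port}")
    return grouped

def unexplained(rows, expected=EXPECTED):  # no visible owner, or owner not expected
    return [r for r in rows if r.program not in expected]

if __name__ == "__main__":
    print(ports_by_process(parse_listeners(SAMPLE)))
```

On the sample, port 10026 is grouped under the same PID that holds smtp, and udp/32822 under an smbd PID. A matching program name only identifies which PID to inspect next, and it is the bind address in `scope`, together with any packet filter, that decides who can reach a socket, not whether the port number is above 1024.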