Xinetd is listening on port tcp:514????
Benjamin J. Weiss
benjamin at weiss.name
Thu May 20 17:53:20 UTC 2004
From: "Keg" <redhat at zulu420.com>
>
> I have shutdown syslog and looked at everything in /etc/xinetd.conf and
> /etc/xinetd.d/* and cannot find what is listening on TCP port 514.
>
> syslog:/usr/local/syslog-ng-1.6.3 #netstat -anp | grep LIST
> tcp 0 0 0.0.0.0:512 0.0.0.0:* LISTEN 1597/xinetd
> tcp 0 0 0.0.0.0:32768 0.0.0.0:* LISTEN 1506/rpc.statd
> tcp 0 0 127.0.0.1:32769 0.0.0.0:* LISTEN 1597/xinetd
> tcp 0 0 0.0.0.0:513 0.0.0.0:* LISTEN 1597/xinetd
> tcp 0 0 0.0.0.0:514 0.0.0.0:* LISTEN 1597/xinetd
<snip>
> What is binding to this port???
Try doing a "grep 514 /etc/xinetd.d/*". You can also do a chkconfig --list,
and at the bottom will be a list of xinetd services and whether they're set
to run automatically or not.
Finally, you should always check dshield.com, as they'll not only tell you
what the port *should* be running, but also what virii/trojans will grab the
port. In this case:
http://www.dshield.com/port_report.php?port=514&recax=1&tarax=2&srcax=2&percent=N&days=40
shows that there are two trojans that also like that port.
Ben
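
An added example, not part of the original post: xinetd entries normally identify what they bind by service name, which is resolved through /etc/services, so this script first resolves a port to its names and then reports which entries in a configuration directory declare one of them (or an explicit `port =` attribute) and whether they are disabled. The function names and the sample files are constructed for the example.

```shell
#!/bin/sh
# Added example: find which xinetd entry can own a listening TCP/UDP port.

# names_for_port PORT PROTO SERVICES_FILE: service name and aliases, one per line
names_for_port() {
    awk -v want="$1/$2" '
        { sub(/#.*/, "") }                      # strip comments
        $2 == want { for (i = 1; i <= NF; i++) if (i != 2) print $i }
    ' "$3"
}

# xinetd_owner PORT PROTO SERVICES_FILE CONF_DIR
# Prints "file service enabled|disabled" for each entry whose service name
# resolves to PORT/PROTO, or that sets an explicit "port = PORT" attribute.
xinetd_owner() {
    names=$(names_for_port "$1" "$2" "$3" | tr '\n' ' ')
    for f in "$4"/*; do
        [ -f "$f" ] || continue
        awk -v names="$names" -v port="$1" -v file="$f" '
            BEGIN { n = split(names, a, " "); for (i = 1; i <= n; i++) known[a[i]] = 1 }
            { sub(/#.*/, "") }
            $1 == "service" { svc = $2; hit = (svc in known); dis = "no"; next }
            $1 == "port" && $2 == "=" && $3 == port { hit = 1 }
            $1 == "disable" && $2 == "=" { dis = $3 }
            # an entry with no "disable" line counts as enabled
            $1 == "}" { if (hit) print file, svc, (dis == "yes" ? "disabled" : "enabled"); hit = 0 }
        ' "$f"
    done
}

# make_demo DIR: write constructed sample files (not taken from the post)
make_demo() {
    mkdir -p "$1/xinetd.d"
    printf '%s\n' 'shell 514/tcp cmd # rsh' 'syslog 514/udp' \
        'login 513/tcp' > "$1/services"
    printf '%s\n' 'service shell' '{' '    socket_type = stream' \
        '    server = /usr/sbin/in.rshd' '    disable = no' '}' > "$1/xinetd.d/rsh"
    printf '%s\n' 'service login' '{' '    disable = yes' '}' > "$1/xinetd.d/rlogin"
}

# Run against the constructed sample so the script works offline.
demo=$(mktemp -d)
make_demo "$demo"
xinetd_owner 514 tcp "$demo/services" "$demo/xinetd.d"
rm -rf "$demo"
```

On a live host the call would be `xinetd_owner 514 tcp /etc/services /etc/xinetd.d`. The `defaults` section of /etc/xinetd.conf can also disable services and is not read here.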