... but maybe someone can explain this nasty thing to me:
I scanned my ports for trojans and other nastiness (scanned with Advanced Administrative Tools) and was wildly delighted by the results. In short, some pest called Network Blackjack is sitting on port 1025, which AAT identified as a possible Remote Storm. I dug through every search engine I could reach, but nobody has heard of such junk. 8-//// I closed the port, but a bad aftertaste remains. Does anyone know what the heck this is? I really don't like the word Remote...
P.S. This is, obviously, not an invitation to kill my computer. =)))))
from google search... 28.06.02 22:03 Author: + <Mikhail> Status: Elderman
Actually, GOOGLE returns a bunch of links on this. Here is one of them: 1025 is dynamically allocatable, and may be given to any non-privileged
process that requests it. Its use on your system probably has
nothing to do with Network Blackjack. "Network Blackjack" is, by the
way, a networked version of the card game "Blackjack", also known as
"21".
My records indicate that at one point on my system, udp port 1025 was in use
by 'nsd', which is SGI's Name Service Daemon under IRIX 6.5. But
it isn't there anymore -- nsd has been dynamically allocated other
ports this boot. This is important to understand: other processes
might legitimately have been given port 1025, and they might be given
some other port at other times.
To trace back use of port 1025 on your system, you should probably
use the 'netstat -na' command to find a connection for the port.
Look for a line similar to
udp 0 0 *.1025 . LISTEN
or
tcp 0 0 192.168.3.9.1025 195.15.73.24.119 ESTABLISHED
If you see the line with the '*' before the 1025, then there is a process
listening for connections on port 1025, and you should issue the
command fuser 1025/udp to find out what the process number is:
$ fuser 1025/udp
1025/udp: 261o
means process 261 has the port open.
$ ps -fp261
would then show you what the process was about if you are on Unix.
The part you put after the slash ('/') on the fuser command line should
be the same as the first word on the line (udp or tcp) that you saw
the *.1025 on.
If you see the line variant that has an IP address before the port number,
then the IP address will either be 127.0.0.1 or will be your own
IP address. Whichever shows up, you must work into the fuser command
$ fuser 192.168.3.9:1025/tcp
If you forget and omit the host address or use a different host address
than is shown, you will not get the right information back.
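The lookup described in the quoted reply, as an added example that is not part of the original thread: it parses `netstat -na` lines in the layout shown there (local address written as `*.PORT` or `HOST.PORT`) and prints the matching `fuser` argument for each. The function names and the third sample line are constructed for illustration; the `fuser` argument syntax is assumed to be the one quoted in the reply.

```shell
#!/bin/sh
# Added example: build fuser arguments from `netstat -na` output in the
# layout quoted in the post (local address written as HOST.PORT or *.PORT).

# Constructed sample: the two lines from the post, plus one line where 1025
# is only the foreign port and therefore must not match.
SAMPLE='udp 0 0 *.1025 . LISTEN
tcp 0 0 192.168.3.9.1025 195.15.73.24.119 ESTABLISHED
tcp 0 0 192.168.3.9.3456 10.0.0.5.1025 ESTABLISHED'

# fuser_args PORT: read netstat lines on stdin, print one fuser argument per
# distinct local socket on PORT.
fuser_args() {
    awk -v port="$1" '
        $1 ~ /^(tcp|udp)/ {
            laddr = $4
            if (laddr !~ /\./) next       # not in HOST.PORT form
            p = laddr
            sub(/.*\./, "", p)            # text after the last dot is the port
            if (p != port) next           # only the local side counts
            host  = substr(laddr, 1, length(laddr) - length(p) - 1)
            proto = substr($1, 1, 3)      # tcp4/udp6 -> tcp/udp
            if (host == "*") print port "/" proto
            else             print host ":" port "/" proto
        }' | LC_ALL=C sort -u
}

# trace_port PORT: run the lookup against the live system (assumes the
# netstat layout and the fuser syntax shown in the post).
trace_port() {
    netstat -na | fuser_args "$1" | while read -r arg; do
        echo "== fuser $arg"
        fuser "$arg"
    done
}
```

Running `trace_port 1025` on the machine in question prints the process numbers to pass to `ps -fp`.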
Didn't search on Google. =(((( 29.06.02 10:09 Author: Lurga Status: Elderman