[Security] Nearly had heart attack ! :-O
Vincent Trouilliez
vincent.trouilliez at modulonet.fr
Thu Mar 15 20:41:50 GMT 2007
> According to http://packages.ubuntu.com/
> usr/sbin/rpc.mountd is only supplied by two packages
> nfs-kernel-server and nfs-user-server
> Check to see which of those are installed;
Ah, yes, it appears I have nfs-kernel-server installed. nfs-user-server
isn't installed. I guess it was installed automatically when I enabled
file sharing for the first time, using Nautilus, a while ago.
> uninstalling it should close that port up.
I didn't uninstall it, I only went to System->Administration->Services,
and unchecked both the NFS and SMB file sharing services...
> Then post the output of "sudo netstat -antup | grep ':\*'" again :)
...then I ran that command again, and indeed port 668 isn't listed
anymore.
tcp 0 0 127.0.0.1:2208 0.0.0.0:* LISTEN 4172/hpiod
tcp 0 0 0.0.0.0:902 0.0.0.0:* LISTEN 4481/xinetd
tcp 0 0 0.0.0.0:41705 0.0.0.0:* LISTEN 4430/rpc.statd
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 3496/portmap
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 4151/cupsd
tcp 0 0 127.0.0.1:60543 0.0.0.0:* LISTEN 4178/python
udp 0 0 0.0.0.0:32770 0.0.0.0:* 4430/rpc.statd
udp 0 0 0.0.0.0:790 0.0.0.0:* 4430/rpc.statd
udp 0 0 0.0.0.0:68 0.0.0.0:* 3270/dhclient3
udp 0 0 0.0.0.0:111 0.0.0.0:* 3496/portmap
udp 0 0 85.69.101.76:123 0.0.0.0:* 4451/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 4451/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 4451/ntpd
udp6 0 0 :::123 :::* 4451/ntpd
So, this originally "unknown" port 668 is nothing to worry about in the end,
it's just NFS file sharing, good ! :o)
Thanks guys for the shedding some light ! :o)
--
Vince
More information about the sounder
mailing list