[buug] xtreelic, maitrd, busboy, and garcon

Michael Paoli mp at rawbw.com
Fri Feb 6 13:14:09 PST 2004


I'd think it likely that the same or similar facilities are available on
Red Hat LINUX as on Debian GNU/Linux for this ...
on Debian GNU/Linux my relatively favorite way to quickly track down what
is associated with specific open ports typically goes like this:
use fuser, e.g.:
# fuser -n tcp 998
to determine the PID(s) associated with the open port(s),
use ps and/or the /proc filesystem to determine what programs/binaries  
are associated with the PID(s) and/or examine PPID(s) (recursively if
necessary) to determine relevant process(es)/programs, etc. - and
take appropriate action(s) as may be relevant from there.

It's mostly standard generic UNIX methodology, except:
fuser's -n capability comes in quite handy, but seems relatively newer
and may not be present on many (or most/all?) of the commercial UNIX
flavors/versions.
proc filesystem may not exist for some UNIX flavors/versions (or may
lack information to hunt down the responsible binary), but is generally
quite handy in LINUX (in some cases proc filesystem might not be mounted 
in LINUX, but typically it would be due to dependencies).

netstat can be useful - particularly versions which have capabilities of
identifying PID(s) and/or specific binaries associated with open ports.

lsof can be very handy, but in many environments it may not be installed 
(whereas fuser and netstat would almost always be present).

> From: Joseph Zitt <jzitt at josephzitt.com>
> To: buug at weak.org
> Message-Id: <1075974756.2224.33.camel at aleph.josephzitt.com>
> Subject: [buug] xtreelic, maitrd, busboy, and garcon
> Date: 05 Feb 2004 01:52:37 -0800

> http://crypto.yashy.com/nmap.php which apparently runs nmap against the
> machine that calls it, reported the following ports as open on my RedHat
> 9 box:

> 996/tcp filtered xtreelic
> 997/tcp filtered maitrd
> 998/tcp filtered busboy
> 999/tcp filtered garcon

> I'm puzzled by the latter four entries, since they're not anything I'm
> familiar with. Googling suggests that maitrd has something to do with 
> remote process invocation, but that's from a paper written in 1990 that
> may or may not be relevant.

> Does anyone know what these are? Is there any way to find out what
> programs use them? Should I be worried, and should I close them?
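
The port-to-PID-to-parent procedure described in the reply above, done with the /proc filesystem alone for Linux hosts where fuser's -n option or lsof is not available. This is an added example, not part of the original post; the function names and the PROC_ROOT variable are assumptions made for illustration, and reading other users' descriptors requires root.

```shell
#!/bin/sh
# Added example: /proc-only stand-in for `fuser -n tcp PORT` plus the PPID walk.
# PROC_ROOT and the function names are assumptions made for this illustration.
PROC_ROOT=${PROC_ROOT:-/proc}

# Print the socket inodes of TCP listeners on local port $1.
listen_inodes() {
    hexport=$(printf '%04X' "$1")
    for f in "$PROC_ROOT/net/tcp" "$PROC_ROOT/net/tcp6"; do
        [ -r "$f" ] || continue
        # $2 = local addr:port in hex, $4 = state (0A is LISTEN), $10 = inode
        awk -v p=":$hexport" 'NR > 1 && $4 == "0A" &&
            substr($2, length($2) - 4) == p { print $10 }' "$f"
    done | sort -u
}

# Print the PIDs that hold a descriptor on socket inode $1.
pids_for_inode() {
    for fd in "$PROC_ROOT"/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ] || continue
        pid=${fd#"$PROC_ROOT"/}
        echo "${pid%%/*}"
    done | sort -un
}

# Print "PID PPID NAME" for $1 and then for each ancestor up to init.
ancestry() {
    pid=$1
    while [ "$pid" -gt 0 ] 2>/dev/null && [ -r "$PROC_ROOT/$pid/status" ]; do
        name=$(awk '$1 == "Name:" { print $2 }' "$PROC_ROOT/$pid/status")
        ppid=$(awk '$1 == "PPid:" { print $2 }' "$PROC_ROOT/$pid/status")
        echo "$pid $ppid $name"
        pid=$ppid
    done
}

# Port -> inode -> owning PID(s) -> parent chain.
who_listens() {
    for inode in $(listen_inodes "$1"); do
        for owner in $(pids_for_inode "$inode"); do
            ancestry "$owner"
        done
    done
}

if [ $# -gt 0 ]; then who_listens "$1"; fi
```

An empty result for a port that a remote scan reports as "filtered" means no local process is listening on it.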


