[asterisk-users] Fwd: Unknown udp ports listening experts calling !

Xavier Cardil cardil.xavier at gmail.com
Wed Jul 1 08:40:14 CDT 2009


Hi Bruce, thank you for your recommendations . . . I passed the test and the
only warning is this one:

    /usr/sbin/unhide                                         [ Warning ]
    /usr/sbin/useradd                                        [ OK ]
    /usr/sbin/userdel                                        [ OK ]
    /usr/sbin/usermod                                        [ OK ]
    /usr/sbin/vipw                                           [ OK ]
    /usr/sbin/unhide-linux26                                 [ Warning ]


On Wed, Jul 1, 2009 at 1:42 PM, Bruce Ferrell <bferrell at baywinds.org> wrote:

>
>
> Xavier Cardil wrote:
> > I found nothing is passing through those ports . . . I think something
> > was sending the stream to our PST/SIP gateways, so the calls were
> > affected when getting in to the gateways. I found we are not running any
> > extra TCL applications on those gateways . . . could it be possible ?
> > Could a UDP stream get mixed with another through a UDP port ? It is a
> > very strange issue but I really want to know why . . . any more hints ?
> >
> > Thanks.
> >
> > On Wed, Jul 1, 2009 at 11:48 AM, John A. Sullivan III
> > <jsullivan at opensourcedevel.com> wrote:
> >
> >     On Wed, 2009-07-01 at 10:14 +0100, Steve Howes wrote:
> >     > On 1 Jul 2009, at 09:54, Xavier Cardil wrote:
> >     > > udp        0      0 0.0.0.0:2727            0.0.0.0:*                           4989/asterisk
> >     > > udp        0      0 0.0.0.0:9001            0.0.0.0:*                           26354/udp-sender
> >     > > udp        0      0 0.0.0.0:5000            0.0.0.0:*                           4989/asterisk
> >     >
> >     > 2727 = mgcp
> >     >
> >     > I found that with Google. A useful tool.
> >     <snip>
> >     I thought 9001 was for JetDirect style print servers.  I don't recall
> >     off the top of my head if they are tcp or udp - John
> >     --
> >     John A. Sullivan III
> >     Open Source Development Corporation
> >     +1 207-985-7880
> >     jsullivan at opensourcedevel.com
> >
> >     http://www.spiritualoutreach.com
> >     Making Christianity intelligible to secular society
> >
>
>
> Assuming first your box doesn't have a rootkit installed  (to check for
> a rootkit, use rkhunter.  Your distro may have it packaged, if not
> google for it) I use lsof to find out what is listening to TCP and UDP
> ports:
>
> lsof -P | grep UDP
> lsof -P | grep TCP
>
> YMMV
>
> Bruce
>
>
>
>
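
An added example, not part of the original thread: a shell function that reads netstat-style lines with a PID/Program column, like the ones quoted above, and reports every UDP listener whose owning program is not on an allowlist. The function names and the allowlist are assumptions made for illustration, and the sample input is constructed by re-joining the wrapped lines from the thread.

```shell
#!/bin/sh
# Added example: flag UDP listeners not owned by an expected program.
# Expected input columns (UDP sockets have no State column):
#   proto recv-q send-q local-address foreign-address pid/program

# Constructed sample, re-joined from the wrapped lines quoted in the thread.
sample_netstat() {
cat <<'EOF'
udp        0      0 0.0.0.0:2727            0.0.0.0:*                           4989/asterisk
udp        0      0 0.0.0.0:9001            0.0.0.0:*                           26354/udp-sender
udp        0      0 0.0.0.0:5000            0.0.0.0:*                           4989/asterisk
EOF
}

# audit_udp "prog1 prog2 ..."  (hypothetical helper)
# Reads netstat text on stdin and prints "port pid program" for each UDP
# listener whose program name is not in the space-separated allowlist.
audit_udp() {
    awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^udp/ {
            port = $4; sub(/.*:/, "", port)        # keep text after the last colon
            owner = $NF
            if (owner !~ /\//) {                   # no pid/program shown (not run as root)
                print port, "?", "unknown"; next
            }
            pid = owner;  sub(/\/.*/, "", pid)
            prog = owner; sub(/^[0-9]+\//, "", prog)
            if (!(prog in ok)) print port, pid, prog
        }'
}

# With only asterisk expected on this host, the udp-sender socket is reported.
# On a live system, feed it real output instead: netstat -ulnp | audit_udp "asterisk"
sample_netstat | audit_udp "asterisk"
```

A listener reported as `unknown` means the tool could not show the owning process, which is the case to follow up with root privileges or with lsof as Bruce describes.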