Not sure if I've been hacked .. please take a look
Written by 김훈
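You can't tell for certain whether it's a hack that way.
It looks like you have lsof installed, so
try the following command.
lsof -i:(port number)
e.g. lsof -i:6802
That gives you the PID that holds that port.
Then
lsof -p PID
e.g. lsof -p 12270 (this PID is hypothetical)
This shows you which program is using that PID and where its executable path is.
Take a look at that and judge whether it's a hack or not!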
Post by 이창훈
22/tcp open ssh
53/tcp open domain
80/tcp open http
110/tcp open pop-3
6802/tcp open unknown
8080/tcp open http-proxy
35817/tcp open unknown
35822/tcp open unknown
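This is the result of a port scan of the server.
The services currently running are ssh, web (apache), named, smtp, oracle and resin.
I don't know what the three ports 6802, 35817 and 35822 are, or whether they are backdoors ..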
lsof | grep 6802
libhttpd. 893 root 7u IPv4 6277 TCP localhost.localdomain:37352->localhost.localdomain:6802 (CLOSE_WAIT)
java 908 root 9u IPv4 4725 TCP localhost.localdomain:6802 (LISTEN)
java 935 root 9u IPv4 4725 TCP localhost.localdomain:6802 (LISTEN)
java 936 root 9u IPv4 4725 TCP localhost.localdomain:6802 (LISTEN)
java 937 root 9u IPv4 4725 TCP localhost.localdomain:6802 (LISTEN)
java 938 root 9u IPv4 4725 TCP localhost.localdomain:6802 (LISTEN)
java 939 root 9u IPv4 4725 TCP localhost.localdomain:6802 (LISTEN)
java 940 root 9u IPv4 4725 TCP localhost.localdomain:6802 (LISTEN)
java 941 root 9u IPv4 4725 TCP localhost.localdomain:6802 (LISTEN)
java 942 root 9u IPv4 4725 TCP localhost.localdomain:6802 (LISTEN)
java 943 root 9u IPv4 4725 TCP localhost.localdomain:6802 (LISTEN)
java 944 root 9u IPv4 4725 TCP localhost.localdomain:6802 (LISTEN)
java 945 root 9u IPv4 4725 TCP localhost.localdomain:6802 (LISTEN)
java 946 root 9u IPv4 4725 TCP localhost.localdomain:6802 (LISTEN)
java 951 root 9u IPv4 4725 TCP localhost.localdomain:6802 (LISTEN)
java 952 root 9u IPv4 4725 TCP localhost.localdomain:6802 (LISTEN)
lsof | grep 35817
oracle 882 oracle 10u IPv4 4646 TCP *:35817 (LISTEN)
lsof| grep 35822
erl 905 root 0u IPv4 4693 TCP *:35822 (LISTEN)
java 908 root 4u IPv4 4723 TCP localhost.localdomain:35823->localhost.localdomain:35822 (ESTABLISHED)
java 935 root 4u IPv4 4723 TCP localhost.localdomain:35823->localhost.localdomain:35822 (ESTABLISHED)
java 936 root 4u IPv4 4723 TCP localhost.localdomain:35823->localhost.localdomain:35822 (ESTABLISHED)
java 937 root 4u IPv4 4723 TCP localhost.localdomain:35823->localhost.localdomain:35822 (ESTABLISHED)
java 938 root 4u IPv4 4723 TCP localhost.localdomain:35823->localhost.localdomain:35822 (ESTABLISHED)
java 939 root 4u IPv4 4723 TCP localhost.localdomain:35823->localhost.localdomain:35822 (ESTABLISHED)
java 940 root 4u IPv4 4723 TCP localhost.localdomain:35823->localhost.localdomain:35822 (ESTABLISHED)
java 941 root 4u IPv4 4723 TCP localhost.localdomain:35823->localhost.localdomain:35822 (ESTABLISHED)
java 942 root 4u IPv4 4723 TCP localhost.localdomain:35823->localhost.localdomain:35822 (ESTABLISHED)
java 943 root 4u IPv4 4723 TCP localhost.localdomain:35823->localhost.localdomain:35822 (ESTABLISHED)
java 944 root 4u IPv4 4723 TCP localhost.localdomain:35823->localhost.localdomain:35822 (ESTABLISHED)
java 945 root 4u IPv4 4723 TCP localhost.localdomain:35823->localhost.localdomain:35822 (ESTABLISHED)
java 946 root 4u IPv4 4723 TCP localhost.localdomain:35823->localhost.localdomain:35822 (ESTABLISHED)
java 951 root 4u IPv4 4723 TCP localhost.localdomain:35823->localhost.localdomain:35822 (ESTABLISHED)
java 952 root 4u IPv4 4723 TCP localhost.localdomain:35823->localhost.localdomain:35822 (ESTABLISHED)
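
Added example, not part of either post: a shell function that condenses `lsof -i` text into one line per listening socket (port, bind address, scope, command, user, PIDs), so each PID can then be checked with `lsof -p PID` as the reply suggests. The function names and the sample lines are constructed for illustration, in the column layout shown in the thread.

```shell
#!/bin/sh
# Summarise LISTEN sockets from `lsof -i` text read on stdin.
# Output columns: port, bind address, scope, command, user, comma-separated PIDs.
summarize_listeners() {
    awk '
    $NF == "(LISTEN)" {
        name = $(NF - 1)                 # e.g. *:35817 or localhost.localdomain:6802
        n = split(name, part, ":")
        port = part[n]                   # text after the last colon
        addr = substr(name, 1, length(name) - length(port) - 1)
        key = port " " addr " " $1 " " $3
        # Threads or forked children sharing one socket collapse into one row
        if (!(key in pids)) pids[key] = $2
        else pids[key] = pids[key] "," $2
    }
    END {
        for (key in pids) {
            split(key, f, " ")
            scope = "specific"
            if (f[2] == "*") scope = "all-interfaces"
            else if (f[2] ~ /^(localhost|127\.|\[::1\])/) scope = "loopback"
            print f[1], f[2], scope, f[3], f[4], pids[key]
        }
    }' | sort -n
}

# Constructed sample input (not captured from a real host)
sample_lsof() {
    cat <<'EOF'
COMMAND PID USER FD TYPE DEVICE NODE NAME
java 908 root 9u IPv4 4725 TCP localhost.localdomain:6802 (LISTEN)
java 935 root 9u IPv4 4725 TCP localhost.localdomain:6802 (LISTEN)
oracle 882 oracle 10u IPv4 4646 TCP *:35817 (LISTEN)
erl 905 root 0u IPv4 4693 TCP *:35822 (LISTEN)
java 908 root 4u IPv4 4723 TCP localhost.localdomain:35823->localhost.localdomain:35822 (ESTABLISHED)
EOF
}

# On a live host (assumes lsof is installed): lsof -nP -i | summarize_listeners
# then inspect each reported PID with: lsof -p PID
sample_lsof | summarize_listeners
```

Rows marked `all-interfaces` are reachable from the network, while `loopback` rows accept local connections only; ESTABLISHED lines are ignored.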