linux-What to do when a strange port is found

The problem occurs in the background :

Generally in the new job need to their own company's entire IT environment to have a general understanding, in 1-2 months after the opening of the port to have a clear understanding of what the port is to do, whether it is illegal to open the port, I have to know otherwise by the unknown Trojan through a strange port to black off the embarrassment. Therefore, as operations personnel need to the company's every machine open port has a clear understanding, but also have to face the unfamiliar port how to determine the port corresponding to how the service, the service is illegal and other capabilities.

commands that need to be used :

SS-TNL shows all TCP ports that have been monitored

lsof-i : Port shows all processes that open the port

Working example:

One day, through SS-TNL, I found a port that I didn't know I was listening to.

650) this.width=650; "src=" Https://s1.51cto.com/wyfs02/M00/9D/FD/wKiom1mJlnSwC9PIAABZpAHJxnM449.jpg "title=" 4d47511da712423982928064f3d4689c.jpg "alt=" Wkiom1mjlnswc9piaabzpahjxnm449.jpg "/>

For Port 49994 I don't know what it is, so use the Lsof-i command to see which processes are open on that port.

The port that corresponds to the RPC.STATD command is found here.

(If prompted without the command remember Yum install-y lsof)

If you do not know rpc.statd, a very simple way is Baidu

Baidu can know that the command is a process of the Nfslock service, if you want to close the port only need to shut down the Nfslock service can

Service Nfslock Stop

Re-execute SS-TNL discovery 49994 Port disappears

If you encounter an unknown port in the future, you can use the above method to judge.

This article is from "Zhang Fan-it's fantasy drifting" blog, please be sure to keep this source http://chawan.blog.51cto.com/9179874/1954596

linux-What to do when a strange port is found