[Techtalk] Port question
mgmonza at sdf.lonestar.org
mgmonza at sdf.lonestar.org
Wed Oct 29 04:51:47 UTC 2014
Hi, all,
I'm afraid this is a pretty basic question, but here goes:
I may have picked up some kind of intruder, or even intruders, who has
taken over a lot of the higher numbered ports on my Ubuntu box.
A representative set of lines from iftop look like this:
(none of these ip addresses is mine)
none.local:35930 => iad23s07-in-f1.1e100.net:www 0b
none.local:43850 => yk-in-f101.1e100.net:www 0b
none.local:33935 => 67.220.127.199:https 0b
Does this mean someone's sending from those ports on my machine? At least
one of the addresses is in the Netherlands.
I did find one page on how to close UDP ports, and did that, but then this
started up with the high order ones.
IPTables seems like it should be the way to do what I want, but I've yet
to find a tutorial I can wrap my head around.
Any suggestions? Or any good tutorial for the IP-challenged?
Thanks -
Updated to add: just did a search on "close ports in Linux" and was about
to open one of the links returned, when that whole set in Icecat shut
down. Now I'm really depressed - looks like it may be worse than I
thought.
MG
More information about the Techtalk
mailing list