各位好
小弟的server (RedHat 7.2) 用netstat -ap 觀看 突然發現我的port 1524 有開啟
經由google 查詢的到是 ingreslock 請問一下這是後門程式嗎 要如何修復呢 搞了
一天了 還是沒輒
謝謝
:cry:
以下為我的server 的畫面抓下的資料 請各位大大幫幫忙
另外我用nmap localhost 並沒有看到 port 1524 port 開啟阿 怎麼會這樣勒
謝謝您的解答
Starting nmap V. 2.54BETA22 (
www.insecure.org/nmap/ )
Interesting ports on localhost (127.0.0.1):
(The 1535 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop-3
143/tcp open imap2
tcp 0 1 main.cst-asia.com:1573 203.225.3.223:1524 SYN_SENT 30478/synscan
tcp 0 1 main.cst-asia.com:1578 203.225.3.223:1524 SYN_SENT 30468/synscan
tcp 0 1 main.cst-asia.com:1589 203.225.4.184:1524 SYN_SENT 30494/synscan
tcp 0 1 main.cst-asia.com:1584 203.225.4.168:1524 SYN_SENT 30489/synscan
tcp 0 1 main.cst-asia.com:1607 203.225.5.85:1524 SYN_SENT 30513/synscan
tcp 0 1 main.cst-asia.com:1597 203.225.4.4:1524 SYN_SENT 30502/synscan
tcp 0 1 main.cst-asia.com:1541 203.225.3.204:1524 SYN_SENT 30445/synscan
tcp 0 1 main.cst-asia.com:1543 203.225.3.204:1524 SYN_SENT 30447/synscan
tcp 0 1 main.cst-asia.com:1571 203.225.3.236:1524 SYN_SENT 30476/synscan
tcp 0 1 main.cst-asia.com:1585 203.225.3.236:1524 SYN_SENT 30491/synscan
tcp 0 1 main.cst-asia.com:1608 203.225.4.187:1524 SYN_SENT 30514/synscan
tcp 0 1 main.cst-asia.com:1581 203.225.3.237:1524 SYN_SENT 30485/synscan
tcp 0 1 main.cst-asia.com:1561 203.225.3.221:1524 SYN_SENT 30465/synscan
tcp 0 1 main.cst-asia.com:1545 203.225.3.205:1524 SYN_SENT 30449/synscan
tcp 0 1 main.cst-asia.com:1562 203.225.3.221:1524 SYN_SENT 30466/synscan
tcp 0 1 main.cst-asia.com:1547 203.225.3.205:1524 SYN_SENT 30451/synscan
tcp 0 1 main.cst-asia.com:1603 203.225.4.186:1524 SYN_SENT 30509/synscan
tcp 0 1 main.cst-asia.com:1567 203.225.3.237:1524 SYN_SENT 30473/synscan
tcp 0 1 main.cst-asia.com:1557 203.225.4.122:1524 SYN_SENT 30461/synscan
tcp 0 1 main.cst-asia.c:support 202.224.226.126:1524
tcp 0 1 main.cst-asia.com:1586 203.225.3.242:1524 SYN_SENT 30490/synscan
tcp 0 1 main.cst-asia.com:1611 203.225.4.181:1524 SYN_SENT 30517/synscan
tcp 0 1 main.cst-asia.com:1577 203.225.4.165:1524 SYN_SENT 30482/synscan
tcp 0 1 main.cst-asia.com:1470 proxy.user.cc:1524 FIN_WAIT1 -
tcp 0 1 main.cst-asia.com:1565 203.225.4.149:1524 SYN_SENT 30471/synscan
tcp 0 1 main.cst-asia.com:1602 203.225.3.242:1524 SYN_SENT 30508/synscan
tcp 0 1 main.cst-asia.com:1559 203.225.4.123:1524 SYN_SENT 30463/synscan
tcp 0 1 main.cst-asia.com:1501 200.105.141.166:1524 SYN_SENT 30411/synscan
tcp 0 1 main.cst-asia.com:1492 200.105.141.166:1524 SYN_SENT 30401/synscan
tcp 0 1 main.cst-asia.com:1591 203.225.3.243:1524 SYN_SENT 30496/synscan
tcp 0 1 main.cst-asia.com:1515 www1.user.cc:1524 FIN_WAIT1 -
tcp 0 1 main.cst-asia.com:1499 www1.user.cc:1524 FIN_WAIT1 -
tcp 0 1 main.cst-asia.com:1576 203.225.4.164:1524 SYN_SENT 30481/synscan
tcp 0 1 main.cst-asia.com:1560 203.225.4.148:1524 SYN_SENT 30464/synscan
tcp 0 1 main.cst-asia.com:1596 203.225.4.180:1524 SYN_SENT 30500/synscan
tcp 0 1 main.cst-asia.com:1606 203.225.3.243:1524 SYN_SENT 30512/synscan
tcp 0 1 main.cst-asia.com:1613 203.225.5.89:1524 SYN_SENT 30518/synscan
tcp 0 1 main.cst-asia.com:1632 200.105.141.166:1524 SYN_SENT 30540/synscan
tcp 0 1 main.cst-asia.com:1633 200.105.141.166:1524 SYN_SENT 30539/synscan
tcp 0 1 main.cst-asia.com:1574 203.225.3.224:1524 SYN_SENT 30479/synscan
tcp 0 1 main.cst-asia.com:1592 203.225.3.224:1524 SYN_SENT