03-05-2010
So it's a connection from localhost to localhost ??
The only time I've seen port 9325 beeing malicius is as UDP port, where the Mstream trojan uses it.
Problems would arrise when it was a listening port (netstat -ln)
10 More Discussions You Might Find Interesting
1. UNIX for Advanced & Expert Users
Hi,
We have developed a server program using TCP/IP Communication to communicate with another client program. After running for some days we find the TCP/IP connection from the server program is getting slower.
What i mean to say is since the send() function in the server program (it is... (2 Replies)
Discussion started by: rajesh_puru
2 Replies
2. UNIX for Dummies Questions & Answers
Hi,
Users are connecting thru a KCML Client to UNIX machine, and I want to know which TCP/UDP port that client uses? How can I check the port of a user logged in?
Regards,
Tayyab (2 Replies)
Discussion started by: tayyabq8
2 Replies
3. UNIX for Advanced & Expert Users
Hi Experts,
need help about release or refresh TCP Connection:
i have the sample like below :
application log connection:
0500 ( 192.168.0.1:36053) 00919 2007/05/10 23:30:25 112 13 2007/05/10 23:30:25 1969/12/31 17:00:00
0500 ( 192.168.0.1:36054) 00920 2007/05/10 23:30:26 000 00... (3 Replies)
Discussion started by: bucci
3 Replies
4. Shell Programming and Scripting
Hello,
I am trying to write a script in Perl which will send some data from a UNIX Box to a windows box. I am planning to create a TCP/IP communication port for the same. How do I go about this? Kindly help.
Regards,
Garric (50 Replies)
Discussion started by: garric
50 Replies
5. Programming
Hello. I would like to know how to close an existing tcp socket. I have read some stuff and learned how to create a socket and then close it but have not found anything about how to close an existing tcp socket created by another application. The situation is this: I have an ODBC server running and... (6 Replies)
Discussion started by: raidzero
6 Replies
6. Solaris
Hi,
I use solaris Unix .
I find there is some problem in application and it generate many "close-wait" tcp connect and stay in the server . it is generate by process id 7740
root@XX # netstat -an | grep CLOSE_WAIT | wc -l
285
root@XX # netstat -an | grep CLOSE_WAIT
10.158.35.4.34805 ... (2 Replies)
Discussion started by: abcdef
2 Replies
7. Red Hat
Hello,
I want to know the disconnection time of my broadband tcp/ip connection as it got disconnected while downloading data.
I use Vuze bit torrent client and JDownloader .
I use broadband internet connection and my os is slack 11. The problem I have been facing for last 2/3 days that my... (1 Reply)
Discussion started by: vectrum
1 Replies
8. Programming
Hi.
I am writing client - server application using TCP sockets.
I need some very basic functionality, namely: how to check if another "participant" of the connection is still present?
I want to handle situations, when client is gone, or server breaks down, etc. (25 Replies)
Discussion started by: Shang
25 Replies
9. UNIX for Dummies Questions & Answers
I am trying to send json messages to a port on a linux server from a remote server running a .net program. I have one implementation running with successful incoming messages to port 1514. I tried to replicate the same thing but just to another port but cannot get it to work as I get the following... (3 Replies)
Discussion started by: unienewbie
3 Replies
10. Red Hat
HI
We have some Red Hat Linux Sevres which is having TCP connection timeout, not SSH connection, as an example oracle connection connected from TOD.
SSH i managed to add keepalive and it's working fine (1 Reply)
Discussion started by: bentech4u
1 Replies
LEARN ABOUT DEBIAN
blackhole
BLACKHOLE(4) BSD Kernel Interfaces Manual BLACKHOLE(4)
NAME
blackhole -- a sysctl(8) MIB for manipulating behaviour in respect of refused TCP or UDP connection attempts
SYNOPSIS
sysctl net.inet.tcp.blackhole[=[0 | 1 | 2]]
sysctl net.inet.udp.blackhole[=[0 | 1]]
DESCRIPTION
The blackhole sysctl(8) MIB is used to control system behaviour when connection requests are received on TCP or UDP ports where there is no
socket listening.
Normal behaviour, when a TCP SYN segment is received on a port where there is no socket accepting connections, is for the system to return a
RST segment, and drop the connection. The connecting system will see this as a ``Connection refused''. By setting the TCP blackhole MIB to
a numeric value of one, the incoming SYN segment is merely dropped, and no RST is sent, making the system appear as a blackhole. By setting
the MIB value to two, any segment arriving on a closed port is dropped without returning a RST. This provides some degree of protection
against stealth port scans.
In the UDP instance, enabling blackhole behaviour turns off the sending of an ICMP port unreachable message in response to a UDP datagram
which arrives on a port where there is no socket listening. It must be noted that this behaviour will prevent remote systems from running
traceroute(8) to a system.
The blackhole behaviour is useful to slow down anyone who is port scanning a system, attempting to detect vulnerable services on a system.
It could potentially also slow down someone who is attempting a denial of service attack.
WARNING
The TCP and UDP blackhole features should not be regarded as a replacement for firewall solutions. Better security would consist of the
blackhole sysctl(8) MIB used in conjuction with one of the available firewall packages.
This mechanism is not a substitute for securing a system. It should be used together with other security mechanisms.
SEE ALSO
ip(4), tcp(4), udp(4), ipf(8), ipfw(8), pfctl(8), sysctl(8)
HISTORY
The TCP and UDP blackhole MIBs first appeared in FreeBSD 4.0.
AUTHORS
Geoffrey M. Rehmet
BSD
January 1, 2007 BSD