
Re: unknown port 8081

 
tuhintt
Occasional Contributor

unknown port 8081

Recently I found that on my Linux box there is an unknown port running in listen mode, and so many hosts are connected to it. The port is 8081. So to solve the problem I stopped all my services except DNS (bind). But this 8082 port is still running, along with 80 and 443, even though I stopped my http. What is wrong? Please help.
Ermin Borovac
Honored Contributor

Re: unknown port 8081

You can find out the PID and name of the program listening on port 8081 with the following (you must run this as root to use the -p option):

# netstat -nlp | grep :8081

In the example below you can see PID 3283 (sshd) is listening on port 22.

# netstat -nlp | grep :22
tcp 0 0 :::22 :::* LISTEN 3283/sshd
renarios
Trusted Contributor

Re: unknown port 8081

I just ran into another forum (http://mail.zope.org/pipermail/zope/2002-December/127421.html) where they speak about a zope server using port 8021 for ftp.

You might take a glance at it.

Cheerio,

Renarios
Nothing is more successful as failure
Andrew Cowan
Honored Contributor

Re: unknown port 8081

Hi Tuhintt,

Try running "lsof -i" to see which program is using this port.
Gopi Sekar
Honored Contributor

Re: unknown port 8081


From /etc/services, port 8081 is generally used by the transparent proxy service. If you are running some proxy servers on your system, then they might be using this port.

But that's not always the case, as any program can bind to this port and listen for connections.

Do check 'netstat -atp | grep 8081' to find out the process name. Of course, you have to be root to do this.

Hope this helps,
Gopi
Never Never Never Giveup
Bejoy C Alias
Respected Contributor

Re: unknown port 8081

Port 8081 is used for transparent proxying. But it is not always true that this port is used only by your normal web server running on port 80. If you have Trend Micro suites (IMSS, IWSS) installed, then the program which uses this port is nothing other than this. Try to find out the process which is using this port using
netstat -anp |grep 8081 ,
then trace out the process which is using the port with
ps -ef |grep ,
In netstat it will only show "httpd"; to trace out which httpd (not the normal httpd server) is using this port, the ps command will help.
Be Always Joy ......
tuhintt
Occasional Contributor

Re: unknown port 8081

Thanks to all, but I checked and found out that some unknown users are using this port from outside. First they connect to port 80 and then get out through 8081. And I figured out they are using my server for spamming to the outside.
So I stopped my http (Apache) completely.

I don't know how they did it, and that's what I want to know, because I don't want them to do this to my server again.
Gopi Sekar
Honored Contributor

Re: unknown port 8081


Looks like a security breach. First get your server off the network; they might have put in some other backdoor to log in even if you stop the httpd process.

Best would be to reinstall the entire OS with a newer version which contains security fixes, because they might have installed some sort of rootkit to modify applications to suit their needs.

Never Never Never Giveup
Stuart Browne
Honored Contributor

Re: unknown port 8081

Yes.. At the very least you need to make sure your server is up-to-date with security updates.

If it's a RH or Fedora box, there are regular security releases. If it's so old that it's gone to legacy, then you need to upgrade the distribution to something that is actively maintained.

Suse and Debian distributions also have regular updates, as do all major distributions.

Second thing is the firewall. Make sure only those services which you want publicly accessible are publicly accessible. For instance, if you aren't using 'https://', either make sure 'mod_ssl' isn't enabled in your apache config, or make sure it's firewalled out.

Also check what other services are running on your machine (netstat -nutlp) and figure out which are or are not supposed to be available to the world.
One long-haired git at your service...
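
Added example, not part of any post in this thread: the listener audit suggested in the last reply, done by parsing `netstat -nutlp` output and flagging every socket reachable from other hosts that is not on an allowlist. The sample output is constructed (only the 3283/sshd line appears in the thread), and the `ALLOWED` policy and function names are assumptions for illustration.

```python
import re

# Constructed `netstat -nutlp` output; only the 3283/sshd line is from the thread.
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address   Foreign Address  State   PID/Program name
tcp        0      0 0.0.0.0:80      0.0.0.0:*        LISTEN  1201/httpd
tcp        0      0 0.0.0.0:8081    0.0.0.0:*        LISTEN  4127/httpd
tcp        0      0 127.0.0.1:953   0.0.0.0:*        LISTEN  988/named
tcp        0      0 :::22           :::*             LISTEN  3283/sshd
udp        0      0 0.0.0.0:53      0.0.0.0:*                988/named
udp        0      0 0.0.0.0:68      0.0.0.0:*                -
"""
# Assumed policy for this box: ssh, http and DNS may face the network.
ALLOWED = {("tcp", 22), ("tcp", 80), ("udp", 53)}

LINE = re.compile(
    r"^(?P<proto>tcp6?|udp6?)\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+"
    r"(?:(?P<state>[A-Z][A-Z_0-9]*)\s+)?(?P<owner>-|\d+/.*)$")

def parse_listeners(text):
    """Return one dict per listening TCP or bound UDP socket."""
    found = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m or (m["proto"].startswith("tcp") and m["state"] != "LISTEN"):
            continue  # header lines, or TCP sockets that are not listeners
        # An owner of "-" means netstat could not see it (e.g. not run as root).
        pid, _, prog = m["owner"].partition("/")
        found.append({"proto": m["proto"], "addr": m["addr"], "port": int(m["port"]),
                      "pid": int(pid) if pid.isdigit() else None,
                      "program": prog.strip() or None})
    return found

def unexpected(listeners, allowed):
    """Listeners reachable from other hosts whose (proto, port) is not allowed."""
    return [s for s in listeners
            if not s["addr"].startswith(("127.", "::1"))
            and (s["proto"].rstrip("6"), s["port"]) not in allowed]

if __name__ == "__main__":
    for s in unexpected(parse_listeners(SAMPLE), ALLOWED):
        owner = f'{s["pid"]}/{s["program"]}' if s["pid"] else "owner unknown (rerun as root)"
        print(f'{s["proto"]}/{s["port"]} on {s["addr"]}: {owner}')
```

On a real host, pass the text of `netstat -nutlp` (run as root) to `parse_listeners` and set `ALLOWED` to the services you actually intend to expose.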