Port 2707 Hacked by bigfoot trojan or legitimate used by emcsymapiport?

I would suggest against just using sockstat because that can become confusing quite fast because it basically mixes everything together which makes it easy to overlook items. Instead: sockstat -4l (assuming you're not using IPv6) is usually much easier. And to be honest I also don't necessarily agree with an out of bound port.

Have you already tried checks using, for example, security/rkhunter just to be sure here?

Also important: what FreeBSD version are you using?

It is good that I was reminded of rkhunter, because a few years ago I stopped using it (as a Linux user) because there were so many false positives every time, but here in FreeBSD it seems to work nicely

I am using FreeBSD 11.1-RELEASE-p10

sockstat -4l
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root sendmail 1018 3 tcp4 127.0.0.1:25 *:*
root sshd 1015 4 tcp4 *:22 *:*
vbox vboxwebsrv 975 9 tcp4 192.168.100.200:18083 *:*
root syslogd 800 7 udp4 *:514 *:*


rkhunter -c
System checks summary
=====================

File properties checks...
Files checked: 118
Suspect files: 0

Rootkit checks...
Rootkits checked : 477
Possible rootkits: 0

Applications checks...
All checks skipped

The system checks took: 43 seconds

All results have been written to the log file: /var/log/rkhunter.log

No warnings were found while checking the system.


So thanks, it looks like things are OK and I will not reinstall everything. I will just let my firewall block all my in- and outgoing traffic except for the ports I know I need.
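The check discussed in this thread, written out as an added example (not from the original posts or from FreeBSD's tools): compare the listeners that sockstat -4l reports against an allowlist of the daemons and ports you expect, and print anything else. The sample output is constructed from the post above plus one made-up extra listener on port 2707 so the mismatch path is exercised; the allowlist and the function names are this example's own assumptions.

```shell
#!/bin/sh
# Audit `sockstat -4l` output: report any listening socket whose
# proto/command:port is not on the allowlist.

# Constructed sample in sockstat -4l format: the four real lines from the
# thread plus a hypothetical placeholder daemon on tcp 2707.
SAMPLE_SOCKSTAT='USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
root sendmail 1018 3 tcp4 127.0.0.1:25 *:*
root sshd 1015 4 tcp4 *:22 *:*
vbox vboxwebsrv 975 9 tcp4 192.168.100.200:18083 *:*
root syslogd 800 7 udp4 *:514 *:*
root unknownd 999 5 tcp4 *:2707 *:*'

# Expected listeners on this host (assumption for the example), one
# "proto/command:port" per line. Maintain this list per machine.
ALLOWLIST='tcp4/sendmail:25
tcp4/sshd:22
tcp4/vboxwebsrv:18083
udp4/syslogd:514'

# Reads sockstat -4l style output on stdin and prints one line per listener
# not on the allowlist, as "proto/command:port (pid PID, bound to ADDR)".
# Prints nothing when every listener is expected.
unexpected_listeners() {
    awk -v allow="$ALLOWLIST" '
        BEGIN { n = split(allow, a, "\n"); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NR == 1 { next }                  # skip the column header line
        {
            # Data rows have 7 fields; LOCAL ADDRESS is field 6 (e.g. *:22).
            addr = $6; port = addr; sub(/.*:/, "", port)
            key = $5 "/" $2 ":" port
            if (!(key in ok)) printf "%s (pid %s, bound to %s)\n", key, $3, addr
        }'
}

# Runs the audit over the constructed sample. On a live FreeBSD host use:
#   sockstat -4l | unexpected_listeners
audit_sample() {
    printf '%s\n' "$SAMPLE_SOCKSTAT" | unexpected_listeners
}
```

Pair this with the firewall rules: anything the audit prints is either a service to add to the allowlist deliberately or something to investigate before it gets a pass-through rule.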