NFS never set up, but it shows up among the processes

el merendeiro
Valiant Beginner
Posts: 68
Joined: Saturday 30 January 2016, 18:43
Desktop: Mate
Distribution: Ubuntu Mate 16.04 x86_64
Gender: Male

Post by el merendeiro »

Hi everyone,

my question concerns Debian 8 (stable), but I hope you can give me some pointers anyway.

The background is that ten days ago I received a notification of a login to my Google account from a phone that isn't mine; I changed the account password, the Wi-Fi password, and then also the password of another mail account. A couple of days later I could no longer log in to the second account; maybe its password was changed. I'm trying to understand how it happened: I was advised to check whether I have a keylogger on the PC; in any case, the only relatively weak point was the Wi-Fi password.

Anyway, among various checks driven by an obvious paranoid delirium, I ran nmap, which tells me:

Code:

ninjasnail@tank:~$ nmap -A 192.168.1.105

Starting Nmap 6.47 ( http://nmap.org ) at 2017-01-10 17:21 CET
Nmap scan report for 192.168.1.105
Host is up (0.00053s latency).
Not shown: 999 closed ports
PORT    STATE SERVICE VERSION
111/tcp open  rpcbind 2-4 (RPC #100000)
| rpcinfo: 
|   program version   port/proto  service
|   100000  2,3,4        111/tcp  rpcbind
|   100000  2,3,4        111/udp  rpcbind
|   100024  1          32980/udp  status
|_  100024  1          54693/tcp  status

Having read that rpc is used for remote services, I ran ps aux, and there is indeed an "nfsiod" process and several rpc ones, at PIDs 443-466:

Code:

ninjasnail@tank:~$ ps aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0 176376  2828 ?        Ss   09:44   0:01 /sbin/init
root         2  0.0  0.0      0     0 ?        S    09:44   0:00 [kthreadd]
root         3  0.0  0.0      0     0 ?        S    09:44   0:05 [ksoftirqd/0]
root         5  0.0  0.0      0     0 ?        S<   09:44   0:00 [kworker/0:0H]
root         7  0.0  0.0      0     0 ?        S    09:44   0:13 [rcu_sched]
root         8  0.0  0.0      0     0 ?        S    09:44   0:00 [rcu_bh]
root         9  0.0  0.0      0     0 ?        S    09:44   0:00 [migration/0]
root        10  0.0  0.0      0     0 ?        S    09:44   0:00 [watchdog/0]
root        11  0.0  0.0      0     0 ?        S    09:44   0:00 [watchdog/1]
root        12  0.0  0.0      0     0 ?        S    09:44   0:00 [migration/1]
root        13  0.0  0.0      0     0 ?        S    09:44   0:06 [ksoftirqd/1]
root        15  0.0  0.0      0     0 ?        S<   09:44   0:00 [kworker/1:0H]
root        16  0.0  0.0      0     0 ?        S<   09:44   0:00 [khelper]
root        17  0.0  0.0      0     0 ?        S    09:44   0:00 [kdevtmpfs]
root        18  0.0  0.0      0     0 ?        S<   09:44   0:00 [netns]
root        19  0.0  0.0      0     0 ?        S    09:44   0:00 [khungtaskd]
root        20  0.0  0.0      0     0 ?        S<   09:44   0:00 [writeback]
root        21  0.0  0.0      0     0 ?        SN   09:44   0:00 [ksmd]
root        22  0.0  0.0      0     0 ?        SN   09:44   0:00 [khugepaged]
root        23  0.0  0.0      0     0 ?        S<   09:44   0:00 [crypto]
root        24  0.0  0.0      0     0 ?        S<   09:44   0:00 [kintegrityd]
root        25  0.0  0.0      0     0 ?        S<   09:44   0:00 [bioset]
root        26  0.0  0.0      0     0 ?        S<   09:44   0:00 [kblockd]
root        29  0.0  0.0      0     0 ?        S    09:44   0:06 [kswapd0]
root        30  0.0  0.0      0     0 ?        S<   09:44   0:00 [vmstat]
root        31  0.0  0.0      0     0 ?        S    09:44   0:00 [fsnotify_mark]
root        37  0.0  0.0      0     0 ?        S<   09:44   0:00 [kthrotld]
root        38  0.0  0.0      0     0 ?        S<   09:44   0:00 [ipv6_addrconf]
root        39  0.0  0.0      0     0 ?        S<   09:44   0:00 [deferwq]
root        76  0.0  0.0      0     0 ?        S    09:44   0:00 [khubd]
root        77  0.0  0.0      0     0 ?        S<   09:44   0:00 [acpi_thermal_pm]
root        79  0.0  0.0      0     0 ?        S<   09:44   0:00 [kpsmoused]
root        80  0.0  0.0      0     0 ?        S<   09:44   0:00 [ata_sff]
root        81  0.0  0.0      0     0 ?        S    09:44   0:00 [scsi_eh_0]
root        82  0.0  0.0      0     0 ?        S<   09:44   0:00 [scsi_tmf_0]
root        83  0.0  0.0      0     0 ?        S    09:44   0:00 [scsi_eh_1]
root        84  0.0  0.0      0     0 ?        S<   09:44   0:00 [scsi_tmf_1]
root        85  0.0  0.0      0     0 ?        S    09:44   0:00 [scsi_eh_2]
root        86  0.0  0.0      0     0 ?        S<   09:44   0:00 [scsi_tmf_2]
root        87  0.0  0.0      0     0 ?        S    09:44   0:00 [scsi_eh_3]
root        88  0.0  0.0      0     0 ?        S<   09:44   0:00 [scsi_tmf_3]
root        89  0.0  0.0      0     0 ?        S    09:44   0:00 [scsi_eh_4]
root        90  0.0  0.0      0     0 ?        S<   09:44   0:00 [scsi_tmf_4]
root        91  0.0  0.0      0     0 ?        S    09:44   0:00 [scsi_eh_5]
root        92  0.0  0.0      0     0 ?        S<   09:44   0:00 [scsi_tmf_5]
root       105  0.0  0.0      0     0 ?        S<   09:44   0:00 [kworker/1:1H]
root       106  0.0  0.0      0     0 ?        S<   09:44   0:01 [kworker/0:1H]
root       125  0.0  0.0      0     0 ?        S    09:44   0:00 [scsi_eh_6]
root       126  0.0  0.0      0     0 ?        S<   09:44   0:00 [scsi_tmf_6]
root       127  0.0  0.0      0     0 ?        S    09:44   0:00 [usb-storage]
root       130  0.0  0.0      0     0 ?        S    09:45   0:00 [jbd2/sda1-8]
root       131  0.0  0.0      0     0 ?        S<   09:45   0:00 [ext4-rsv-conver]
root       162  0.0  0.0      0     0 ?        S    09:45   0:00 [kauditd]
root       169  0.0  0.1  33072  5472 ?        Ss   09:45   0:01 /lib/systemd/systemd-journald
root       176  0.0  0.0  41844  1248 ?        Ss   09:45   0:01 /lib/systemd/systemd-udevd
root       237  0.0  0.0      0     0 ?        S<   09:45   0:00 [hd-audio0]
root       278  0.0  0.0      0     0 ?        S<   09:45   0:00 [cfg80211]
systemd+   289  0.0  0.0 104164  1160 ?        Ssl  09:45   0:00 /lib/systemd/systemd-timesyncd
root       443  0.0  0.0  37152  1328 ?        Ss   09:45   0:00 /sbin/rpcbind -w
statd      452  0.0  0.0  37280   952 ?        Ss   09:45   0:00 /sbin/rpc.statd
root       457  0.0  0.0      0     0 ?        S<   09:45   0:00 [rpciod]
root       459  0.0  0.0      0     0 ?        S<   09:45   0:00 [nfsiod]
root       466  0.0  0.0  23356     0 ?        Ss   09:45   0:00 /usr/sbin/rpc.idmapd
root       469  0.0  0.0  25824  1508 ?        Ss   09:45   0:00 /usr/lib/bluetooth/bluetoothd
root       470  0.0  0.1 276208  4576 ?        Ssl  09:45   0:00 /usr/lib/accountsservice/accounts-daemon
root       473  0.0  0.0 336284  2808 ?        Ssl  09:45   0:00 /usr/sbin/ModemManager
root       474  0.0  0.1 504932  5276 ?        Ssl  09:45   0:05 /usr/sbin/NetworkManager --no-daemon
daemon     475  0.0  0.0  19024   680 ?        Ss   09:45   0:00 /usr/sbin/atd -f
root       476  0.0  0.0  27504  1100 ?        Ss   09:45   0:00 /usr/sbin/cron -f
root       478  0.0  0.0  28368  1216 ?        Ss   09:45   0:00 /lib/systemd/systemd-logind
avahi      483  0.0  0.0  32220  1096 ?        Ss   09:45   0:00 avahi-daemon: running [tank.local]
message+   484  0.0  0.0  43160  2312 ?        Ss   09:45   0:03 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activ
avahi      503  0.0  0.0  32100    16 ?        S    09:45   0:00 avahi-daemon: chroot helper
root       505  0.0  0.0   4236    36 ?        Ss   09:45   0:00 /usr/sbin/minissdpd -i 0.0.0.0
root       523  0.0  0.0 258672  1324 ?        Ssl  09:45   0:00 /usr/sbin/rsyslogd -n
root       526  0.0  0.0  71836  1164 ?        Ss   09:45   0:00 /usr/sbin/cups-browsed
root       549  0.0  0.0   4256   972 ?        Ss   09:45   0:00 /usr/sbin/acpid
root       553  0.0  0.1 281664  4748 ?        Ssl  09:45   0:00 /usr/lib/policykit-1/polkitd --no-debug
root       555  0.0  0.0  14416   888 tty1     Ss+  09:45   0:00 /sbin/agetty --noclear tty1 linux
root       576  0.0  0.0 366236  3632 ?        Ssl  09:45   0:00 /usr/sbin/gdm3
root       778  4.4  0.5 224580 22292 tty7     Ss+  09:45  20:25 /usr/bin/Xorg :0 -novtswitch -background none -noreset -verbose 3 -auth /var/run/gdm3
colord     779  0.0  0.1 307356  5416 ?        Ssl  09:45   0:00 /usr/lib/colord/colord
root       796  0.0  0.0  31020  2696 ?        Ss   09:45   0:00 /sbin/wpa_supplicant -u -s -O /run/wpa_supplicant
Debian-+   799  0.0  0.0  53240  1180 ?        Ss   09:45   0:00 /usr/sbin/exim4 -bd -q30m
Debian-+   879  0.0  0.0  35632  1480 ?        Ss   09:45   0:00 /lib/systemd/systemd --user
Debian-+   880  0.0  0.0  52284   436 ?        S    09:45   0:00 (sd-pam)  
root       911  0.0  0.0 238792  3924 ?        Ssl  09:45   0:00 /usr/lib/upower/upowerd
Debian-+   948  0.0  0.0 361388  3500 ?        Sl   09:45   0:00 /usr/bin/pulseaudio --start --log-target=syslog
rtkit      949  0.0  0.0 168780  1308 ?        SNsl 09:45   0:00 /usr/lib/rtkit/rtkit-daemon
root      1011  0.0  0.0 381860  2968 ?        Ssl  09:45   0:00 /usr/lib/packagekit/packagekitd
root      1227  0.0  0.0  86508  1900 ?        Ss   09:50   0:00 /usr/sbin/cupsd -f
root      1336  0.0  0.0 390112  3868 ?        Sl   10:17   0:00 gdm-session-worker [pam/gdm-password]
ninjasn+  1339  0.0  0.0  35632  1712 ?        Ss   10:18   0:00 /lib/systemd/systemd --user
ninjasn+  1340  0.0  0.0 199748   708 ?        S    10:18   0:00 (sd-pam)  
ninjasn+  1344  0.0  0.0 282204  2632 ?        Sl   10:18   0:00 /usr/bin/gnome-keyring-daemon --daemonize --login
ninjasn+  1347  0.0  0.1 600552  5432 ?        Ssl  10:18   0:00 x-session-manager
ninjasn+  1384  0.0  0.0  10700   336 ?        Ss   10:18   0:00 /usr/bin/ssh-agent /usr/bin/dbus-launch --exit-with-session x-session-manager
ninjasn+  1387  0.0  0.0  24372   792 ?        S    10:18   0:00 /usr/bin/dbus-launch --exit-with-session x-session-manager
ninjasn+  1388  0.0  0.0  43060  2348 ?        Ss   10:18   0:02 /usr/bin/dbus-daemon --fork --print-pid 5 --print-address 7 --session
ninjasn+  1391  0.0  0.0 337720  2716 ?        Sl   10:18   0:00 /usr/lib/at-spi2-core/at-spi-bus-launcher
ninjasn+  1395  0.0  0.0  42256  1600 ?        S    10:18   0:00 /usr/bin/dbus-daemon --config-file=/etc/at-spi2/accessibility.conf --nofork --print-a
ninjasn+  1398  0.0  0.0 125224  2168 ?        Sl   10:18   0:02 /usr/lib/at-spi2-core/at-spi2-registryd --use-gnome-session
ninjasn+  1408  0.0  0.3 1031976 14364 ?       Sl   10:18   0:04 /usr/lib/gnome-settings-daemon/gnome-settings-daemon
ninjasn+  1423  0.0  0.0 210032  3244 ?        Sl   10:18   0:00 /usr/lib/gvfs/gvfsd
ninjasn+  1426  0.1  0.1 367752  4168 ?        Sl   10:18   0:45 /usr/bin/pulseaudio --start
ninjasn+  1431  0.0  0.0 355164  3248 ?        Sl   10:18   0:00 /usr/lib/gvfs/gvfsd-fuse /run/user/1000/gvfs -f -o big_writes
ninjasn+  1444  0.0  0.0   4336   108 ?        S    10:18   0:00 /bin/sh /usr/bin/start-pulseaudio-x11
ninjasn+  1445  0.0  0.0  19712  2328 ?        S    10:18   0:00 /usr/bin/xprop -root -spy
ninjasn+  1447  0.0  0.0 451216  3884 ?        Sl   10:18   0:00 /usr/lib/gvfs/gvfs-udisks2-volume-monitor
root      1449  0.0  0.1 369720  4004 ?        Ssl  10:18   0:06 /usr/lib/udisks2/udisksd --no-debug
ninjasn+  1458  0.0  0.0 206720  2900 ?        Sl   10:18   0:00 /usr/lib/gvfs/gvfs-mtp-volume-monitor
ninjasn+  1462  0.0  0.0 215800  3136 ?        Sl   10:18   0:00 /usr/lib/gvfs/gvfs-gphoto2-volume-monitor
ninjasn+  1466  0.0  0.0 300300  3108 ?        Sl   10:18   0:00 /usr/lib/gvfs/gvfs-afc-volume-monitor
ninjasn+  1471  0.0  0.0 202764  2388 ?        Sl   10:18   0:00 /usr/lib/gvfs/gvfs-goa-volume-monitor
ninjasn+  1474  0.0  0.1 644148  6568 ?        Sl   10:18   0:00 /usr/lib/gnome-online-accounts/goa-daemon
ninjasn+  1480  0.0  0.1 308228  4168 ?        Sl   10:18   0:00 /usr/lib/telepathy/mission-control-5
ninjasn+  1482  3.2  8.1 1914844 322808 ?      Sl   10:18  13:55 /usr/bin/gnome-shell
ninjasn+  1491  0.0  0.2 244756 10948 ?        Sl   10:18   0:00 /usr/lib/gnome-settings-daemon/gsd-locate-pointer
ninjasn+  1493  0.0  0.0  25332  1452 ?        S    10:18   0:00 syndaemon -i 1.0 -t -K -R
ninjasn+  1498  0.0  0.0 393220  3944 ?        Sl   10:18   0:00 /usr/lib/gnome-settings-daemon/gsd-printer
ninjasn+  1509  0.0  0.1 535980  7272 ?        Sl   10:18   0:01 /usr/lib/gnome-shell/gnome-shell-calendar-server
ninjasn+  1513  0.0  0.1 673396  6684 ?        SLl  10:18   0:01 /usr/lib/evolution/evolution-source-registry
ninjasn+  1527  0.0  0.3 860916 12232 ?        SNl  10:18   0:13 /usr/lib/tracker/tracker-miner-fs
ninjasn+  1529  0.0  0.4 812584 16932 ?        Sl   10:18   0:00 /usr/lib/evolution/3.12/evolution-alarm-notify
ninjasn+  1534  0.0  0.3 465252 12044 ?        Sl   10:18   0:11 /usr/lib/tracker/tracker-store
ninjasn+  1538  0.0  0.1 378128  5424 ?        SNl  10:18   0:00 /usr/lib/tracker/tracker-miner-apps
ninjasn+  1544  0.0  0.1 304104  4732 ?        SNl  10:18   0:00 /usr/lib/tracker/tracker-miner-user-guides
ninjasn+  1545  0.0  0.4 944100 16424 ?        Sl   10:18   0:03 nautilus -n
ninjasn+  1548  0.0  0.3 520008 12140 ?        Sl   10:18   0:01 nm-applet
ninjasn+  1555  0.0  0.1 541280  5328 ?        Sl   10:18   0:00 zeitgeist-datahub
ninjasn+  1557  0.0  0.0 453252  3704 ?        Sl   10:18   0:00 /usr/lib/deja-dup/deja-dup-monitor
ninjasn+  1561  0.0  0.0 358428  3764 ?        Sl   10:18   0:00 /usr/bin/zeitgeist-daemon
ninjasn+  1563  0.0  0.3 229852 12192 ?        Sl   10:18   0:00 /usr/bin/python /usr/share/system-config-printer/applet.py
ninjasn+  1569  0.0  0.6 1266760 25924 ?       SNl  10:18   0:02 /usr/lib/tracker/tracker-extract
ninjasn+  1575  0.2  1.6 1484576 66716 ?       Sl   10:18   1:00 /usr/lib/evolution/evolution-calendar-factory
ninjasn+  1580  0.0  0.1 334848  5160 ?        Sl   10:18   0:00 /usr/lib/x86_64-linux-gnu/zeitgeist-fts
ninjasn+  1605  0.0  0.0   5964    80 ?        S    10:18   0:00 /bin/cat
ninjasn+  1617  0.0  0.0  52204  2736 ?        S    10:18   0:00 /usr/lib/x86_64-linux-gnu/gconf/gconfd-2
root      1647  0.0  0.0  11220  1544 ?        Ss   10:18   0:00 /sbin/mount.ntfs /dev/sdb1 /media/ninjasnail/34F215CE3F1B8F3D -o rw,nodev,nosuid,uid=
ninjasn+  1662  0.0  0.0 511696  3356 ?        Sl   10:18   0:00 /usr/lib/gvfs/gvfsd-trash --spawner :1.8 /org/gtk/gvfs/exec_spaw/0
ninjasn+  1675  0.0  0.0 283764  3196 ?        Sl   10:18   0:00 /usr/lib/gvfs/gvfsd-burn --spawner :1.8 /org/gtk/gvfs/exec_spaw/1
ninjasn+  1683  0.0  0.0 131080  3244 ?        Sl   10:18   0:00 /usr/lib/gvfs/gvfsd-metadata
ninjasn+  1822  0.0  0.0 178700  3048 ?        Sl   10:20   0:03 /usr/lib/dconf/dconf-service
ninjasn+  1989  0.3  4.4 3071676 176736 ?      Sl   10:32   1:36 evolution
ninjasn+  2043  0.0  0.1 822296  5684 ?        Sl   10:33   0:00 /usr/lib/evolution/evolution-addressbook-factory
ninjasn+  2255  0.0  0.0 215760  3264 ?        Sl   10:39   0:00 /usr/lib/gvfs/gvfsd-http --spawner :1.8 /org/gtk/gvfs/exec_spaw/2
root      4784  0.0  0.0      0     0 ?        S<   14:12   0:00 [kworker/u9:0]
root      4785  0.0  0.0      0     0 ?        S<   14:12   0:00 [hci0]
root      4786  0.0  0.0      0     0 ?        S<   14:12   0:00 [hci0]
root      4787  0.0  0.0      0     0 ?        S<   14:12   0:00 [kworker/u9:1]
root      4811  0.0  0.1  25404  7676 ?        S    14:12   0:00 /sbin/dhclient -d -q -sf /usr/lib/NetworkManager/nm-dhcp-helper -pf /var/run/dhclient
ninjasn+  4949  0.0  0.0 140276  2608 ?        Sl   14:12   0:00 /usr/lib/libreoffice/program/oosplash
ninjasn+  4968  0.2  1.4 1292628 55864 ?       Sl   14:12   0:27 /usr/lib/libreoffice/program/soffice.bin --splash-pipe=5
ninjasn+  5005 10.9  5.0 1178108 198464 ?      Rl   14:16  20:26 firefox-esr
root      5560  0.0  0.0      0     0 ?        S    16:31   0:01 [kworker/u8:2]
clamav    6255  0.6  0.1 101752  4744 ?        Ss   16:41   0:16 /usr/bin/freshclam -d --foreground=true
ninjasn+  6323  1.0  0.5 426280 23052 ?        Sl   16:43   0:25 /usr/lib/gnome-terminal/gnome-terminal-server
ninjasn+  6326  0.0  0.0  14692  1012 ?        S    16:43   0:00 gnome-pty-helper
ninjasn+  6327  0.0  0.0  23416  2840 pts/0    Ss   16:43   0:00 bash
ninjasn+  6338 87.2 11.3 568368 449136 pts/0   R+   16:43  34:52 clamscan -r /
root      6347  0.0  0.0      0     0 ?        S    16:46   0:00 [kworker/1:0]
root      6432  0.0  0.0      0     0 ?        S    17:01   0:00 [kworker/0:3]
root      6480  0.0  0.0      0     0 ?        S    17:10   0:00 [kworker/0:0]
root      6486  0.0  0.0      0     0 ?        S    17:11   0:00 [kworker/1:1]
root      6503  0.0  0.0      0     0 ?        S    17:13   0:00 [kworker/u8:0]
root      6527  0.0  0.0      0     0 ?        S    17:18   0:00 [kworker/u8:1]
root      6529  0.0  0.0      0     0 ?        S    17:19   0:00 [kworker/1:2]
root      6534  0.0  0.0      0     0 ?        S    17:19   0:00 [kworker/0:1]
ninjasn+  6539  0.0  0.1  23416  5040 pts/1    Ss   17:20   0:00 bash
ninjasn+  6553  0.0  0.0  19100  2336 pts/1    R+   17:23   0:00 ps aux

Is it normal for these services to be running even though I never set them up?

(By the way, if anyone also has some pointers on the general question, i.e. how they managed to steal these passwords from me and which checks to run, I'd be grateful :) )

Re: NFS never set up, but it shows up among the processes

Post by el merendeiro »

Just to bump this: to check whether I have an NFS mounted without my knowledge, I ran showmount -e:

Code:

root@tank:/home/ninjasnail# showmount -e
clnt_create: RPC: Program not registered

I'm also posting the netstat output taken at PC boot (only the initial part covering tcp and udp, i.e. without the "Active UNIX domain sockets (servers and established)" part):

Code:

root@tank:/home/ninjasnail# netstat -ap
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 localhost:ipp           *:*                     LISTEN      758/cupsd       
tcp        0      0 localhost:smtp          *:*                     LISTEN      773/exim4       
tcp        0      0 *:46884                 *:*                     LISTEN      453/rpc.statd   
tcp        0      0 *:sunrpc                *:*                     LISTEN      444/rpcbind     
tcp        0      0 tank:48222              mil04s29-in-f3.1e:https ESTABLISHED 1452/firefox-esr
tcp6       0      0 localhost:ipp           [::]:*                  LISTEN      758/cupsd       
tcp6       0      0 localhost:smtp          [::]:*                  LISTEN      773/exim4       
tcp6       0      0 [::]:43487              [::]:*                  LISTEN      453/rpc.statd   
tcp6       0      0 [::]:sunrpc             [::]:*                  LISTEN      444/rpcbind     
tcp6       1      0 localhost:59922         localhost:ipp           CLOSE_WAIT  759/cups-browsed
udp        0      0 *:619                   *:*                                 444/rpcbind     
udp        0      0 localhost:629           *:*                                 453/rpc.statd   
udp        0      0 *:ipp                   *:*                                 759/cups-browsed
udp        0      0 *:56541                 *:*                                 284/systemd-timesyn
udp        0      0 *:mdns                  *:*                                 487/avahi-daemon: r
udp        0      0 *:1900                  *:*                                 518/minissdpd   
udp        0      0 *:44955                 *:*                                 487/avahi-daemon: r
udp        0      0 *:65503                 *:*                                 833/dhclient    
udp        0      0 *:bootpc                *:*                                 833/dhclient    
udp        0      0 *:43112                 *:*                                 453/rpc.statd   
udp        0      0 *:sunrpc                *:*                                 444/rpcbind     
udp6       0      0 [::]:619                [::]:*                              444/rpcbind     
udp6       0      0 [::]:mdns               [::]:*                              487/avahi-daemon: r
udp6       0      0 [::]:61057              [::]:*                              833/dhclient    
udp6       0      0 [::]:36612              [::]:*                              487/avahi-daemon: r
udp6       0      0 [::]:sunrpc             [::]:*                              444/rpcbind     
udp6       0      0 [::]:43324              [::]:*                              453/rpc.statd   
raw6       0      0 [::]:ipv6-icmp          [::]:*                  7           475/NetworkManager

As above, the question is: is it normal to have all these services that use rpc (and the related open ports) at computer startup, without ever having set up any remote service?
(Regarding the general question of the password theft, I found out that I received several phishing emails pretending to be from PayPal; I was told that often even just following the links gets you rootkits and the like, and I'm not so sure I didn't do that).
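
An added example, not part of the original posts: one way to read a `netstat -ap` listing like the one above is to separate sockets bound to loopback from those bound to every interface, since only the latter are reachable from the LAN. The function names are hypothetical and the sample rows are a subset copied from the posted output.

```sh
#!/bin/sh
# Added example: classify listening sockets from `netstat -ap` by exposure.

# Sample input: a subset of the rows posted above.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 localhost:ipp           *:*                     LISTEN      758/cupsd
tcp        0      0 localhost:smtp          *:*                     LISTEN      773/exim4
tcp        0      0 *:46884                 *:*                     LISTEN      453/rpc.statd
tcp        0      0 *:sunrpc                *:*                     LISTEN      444/rpcbind
tcp        0      0 tank:48222              mil04s29-in-f3.1e:https ESTABLISHED 1452/firefox-esr
tcp6       0      0 [::]:sunrpc             [::]:*                  LISTEN      444/rpcbind
udp        0      0 localhost:629           *:*                                 453/rpc.statd
udp        0      0 *:mdns                  *:*                                 487/avahi-daemon: r
udp        0      0 *:sunrpc                *:*                                 444/rpcbind
EOF
}

# Reads netstat output on stdin; prints "scope proto port program" per listener.
# scope is "loopback", "all-interfaces" or "address:<addr>".
classify_listeners() {
  awk '
    $1 !~ /^(tcp|udp)6?$/ { next }      # skip headers, raw and UNIX sockets
    {
      proto = $1; local = $4; foreign = $5
      if (proto ~ /^tcp/) {
        if ($6 != "LISTEN") next        # established connections are not listeners
        prog = $7
      } else {
        if (foreign !~ /:\*$/) next     # UDP has no State column; keep unconnected sockets
        prog = $6
      }
      match(local, /:[^:]*$/)           # split at the last colon so "[::]:port" works
      addr = substr(local, 1, RSTART - 1)
      port = substr(local, RSTART + 1)
      if (addr == "*" || addr == "[::]" || addr == "0.0.0.0")
        scope = "all-interfaces"
      else if (addr == "localhost" || addr ~ /^127\./ || addr == "[::1]")
        scope = "loopback"
      else
        scope = "address:" addr
      sub(/^[0-9]+\//, "", prog)        # drop the PID, keep the program name
      sub(/:$/, "", prog)               # "avahi-daemon:" -> "avahi-daemon"
      print scope, proto, port, prog
    }'
}

# Reads netstat output on stdin; prints the distinct programs that listen
# on every interface, space-separated on one line.
exposed_programs() {
  classify_listeners | awk '$1 == "all-interfaces" { print $4 }' |
    LC_ALL=C sort -u | paste -sd ' ' -
}

sample_netstat | classify_listeners
```

On a live system the same functions can be fed with `netstat -ap | classify_listeners`; run as root so the PID/Program column is populated.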