Is pfSense Infected? (xinetd 127.0.0.1:6969) Bittorrent port!!
-
Trying to solve a couple of other problems, and when I did a sockstat -l I found:
root: sockstat -l
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
[snip]
root xinetd 14099 0 udp4 127.0.0.1:6969 :
[snip]This binding has me worried as 6969 is a bittorrent tracker port, and I'm not running bittorrent. (That I know of!)
This condition survives rebooting the pfSense box… other than a different PID, no change.
I have pfSense connected to one Windows 8.1 PC. LAN port is 192.168.1.0/24, and WAN port goes to the cable company switch/router which is 192.168.0.0/24 while I'm learning/testing. I hope to ditch the switch and double NAT once I feel confident enough to move my whole system over. The only connection between the Winbox and pfBox is the ssh connection that I'm running to do the sockstat.
-
That's the TFTP proxy, not bittorrent.
-
@cmb:
That's the TFTP proxy, not bittorrent.
Thanks, that puts my mind at ease. Given that I have no need for TFTP, and I occasionally will use bittorrent, can I easily turn TFTP off, and will doing so cause any problems other than not being able to network boot devices from pfSense?
Thanks.