Is pfSense Infected? (xinetd 127.0.0.1:6969) Bittorrent port!!



  • Trying to solve a couple of other problems, and when I did a sockstat -l I found:

    root: sockstat -l
    USER    COMMAND    PID  FD PROTO  LOCAL ADDRESS        FOREIGN ADDRESS
    [snip]
    root    xinetd    14099 0  udp4  127.0.0.1:6969        :
    [snip]

    This binding has me worried as 6969 is a bittorrent tracker port, and I'm not running bittorrent. (That I know of!)

    This condition survives rebooting the pfSense box… other than a different PID, no change.

    I have pfSense connected to one Windows 8.1 PC.  LAN port is 192.168.1.0/24, and WAN port goes to the cable company switch/router which is 192.168.0.0/24 while I'm learning/testing.  I hope to ditch the switch and double NAT once I feel confident enough to move my whole system over.  The only connection between the Winbox and pfBox is the ssh connection that I'm running to do the sockstat.



  • That's the TFTP proxy, not bittorrent.



  • @cmb:

    That's the TFTP proxy, not bittorrent.

    Thanks, that puts my mind at ease.  Given that I have no need for TFTP, and I occasionally will use bittorrent, can I easily turn TFTP off, and will doing so cause any problems other than not being able to network boot devices from pfSense?

    Thanks.


Log in to reply