How to close suspicious port 999 garcon, is it malware?
9,803
The name you see actually comes from /etc/services file which maps port numbers to well-known service names.
glad the lsof command worked.
Author by
f0nz
Updated on September 18, 2022Comments
-
f0nz over 1 year
On Mac OSX, I ran the command
nmap localhost
and I found I have this suspicious open port:999/tcp open garcon
Then I tried to see if there is an associated process, but nothing shows up with
lsof -i | grep 999
.Two questions:
- Does any body know if this is could be a key-logger/trojan?
- How can I close the port?
[Edit] The right command is
sudo lsof -i :999
and then I can see the process
rpc.rquot 704 root 6u IPv4 0xc899fa4ad7097125 0t0 TCP *:garcon (LISTEN)
Now after reading http://linux.die.net/man/8/rpc.rquotad
I suspect that maybe is a port open by fuse4x, or fuse4x-kext-
ganesh almost 11 yearsMalware can use any name it wants, however there is at least one program named garcon which is not malware. Cat /var/db/pkg/garcon-0.2.1/+DESC Garcon is an implementation of the freedesktop.org menu specification replacing the former Xfce menu library libxfce4menu. It is based on GLib/GIO only and aims at covering the entire specification except for legacy menus. WWW: xfce.org