# Macos – How to close suspicious port 999 garcon, is it malware

macosnmapportSecurity

On Mac OSX, I ran the command
nmap localhost
and I found I have this suspicious open port:

999/tcp open garcon

Then I tried to see if there is an associated process, but nothing shows up with
lsof -i | grep 999.

Two questions:

• Does any body know if this is could be a key-logger/trojan?
• How can I close the port?

The right command is

sudo lsof -i :999

and then I can see the process

rpc.rquot 704 root 6u IPv4 0xc899fa4ad7097125 0t0 TCP *:garcon (LISTEN)