[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: suspicious netstat ouput



On Sat, Apr 21, 2001 at 03:47:59AM -0400, hpknight wrote:
> > Then I did a "find / -inum 127022" but there is no file with that
> > inode. Uh oh. That can't be good either. The firewall runs an old redhat
> > 6.2 install (haven't converted everything to debian, but I'm working on
> > it!) with most everything turned off, as seen from the netstat output.
> 
> A faster way to find out what is using that port would be lsof.  For
> example:
> 
> lsof -i udp:1112
> 
Thanks, I've used lsof but didn't realize it applied to network connections as well.

> Do you log any OUTGOING packets?  
> 
No, but I will try to get some nifty rules set up know that you mention it. The firewall itself should
never make outgoing connections, so I can start there.

> I know rpm has some verify functions that will help pick out binaries that
> have been modified from their original state.  Maybe it's just time to
> wipe the system clean and install Debian ;)
> 
And that really is the bottom line. Time to install Debian..........

-- 
Jonathan Freiermuth
jon@gnatfart.com

Attachment: pgps1HClvPClf.pgp
Description: PGP signature


Reply to: