
Re: unidentified TCP connections



auth is local port 113 for the ident daemon.
If you use masq you should use an ident daemon
that supports masq, oident for example.

A wild guess of mine is that these connections 
are the result of IRC connections...

I don't know if there are ident exploits, but
then again I'm not *that* informed...

Regards,

Onno

At 06:34 PM 12/14/99 +0100, Robert Varga wrote:
>
>How can I determine the process belonging to a tcp connection on my
>machine? I have a couple of connections which I find very unnerving:
>
>netstat -a | grep aiesec produces the output:
>
>tcp        0      0 mymachine:27567    aiesecplanet.satim:auth ESTABLISHED
>tcp        0      0 mymachine:27434    aiesecplanet.satim:auth ESTABLISHED
>tcp        0      0 mymachine:27426    aiesecplanet.satim:auth ESTABLISHED
>tcp        0      0 mymachine:27389    aiesecplanet.satim:auth ESTABLISHED
>tcp        0      0 mymachine:26779    aiesecplanet.satim:auth ESTABLISHED
>tcp        0      0 mymachine:1097     aiesecplanet.satim:auth ESTABLISHED
>
>These connections mostly persist, so the port numbers are always the same 
>for a long time, until the connection dies. 
>There tend to be other connection attempts but they die quickly.
>
>The connection to my port 1097 seems to be constant.
>
>I have nothing to do with the mentioned machine
>(aiesecplanet.satimex.tvnet.hu).
>
>I have nothing listening on any of these ports (that I know of), and
>nothing is listening there according to netstat -a.
>
>I had a mysterious machine breakdown two days ago, when all services
>(SMTP, TELNET, SQUID, FTP, POP3,...) refused connections, except for DNS.
>To be more exact, the only tcp port under 4000 (I scanned to this number)
>which was open was 53 (domain). 
>
>I suspect a break-in occurred. 
>
>How can I find what communication is taking place on these connections?
>
>Robert Varga
>
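One way to answer the question of which local process owns such a connection, as an added example that is not part of the original messages: it reads Linux's /proc/net/tcp, selects established sockets whose remote port is 113 (auth), and resolves each socket inode to a PID through /proc/<pid>/fd. The sample table, its addresses and inodes are constructed; IPv4 on a little-endian host is assumed.

```python
import glob, os, socket, struct

IDENT_PORT = 113  # "auth" in /etc/services
# Constructed sample in /proc/net/tcp layout; addresses and inodes are made up.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0A00000A:6BAF 0A00A8C0:0071 01 00000000:00000000 00:00000000 00000000     0        0 4242 1
   1: 0A00000A:0019 0A00A8C0:C001 01 00000000:00000000 00:00000000 00000000     0        0 4243 1
   2: 00000000:0035 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4244 1
"""

def _addr(field):
    """Decode 'HEXIP:HEXPORT' (IPv4, little-endian host order as on x86)."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def ident_clients(table_text):
    """Return established sockets whose remote port is 113.
    Each item: ((local_ip, port), (remote_ip, port), uid, inode)."""
    found = []
    for line in table_text.splitlines()[1:]:   # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != "01":        # 01 = ESTABLISHED
            continue
        local, remote = _addr(f[1]), _addr(f[2])
        if remote[1] == IDENT_PORT:
            found.append((local, remote, int(f[7]), int(f[9])))
    return found

def owners(inode, proc="/proc"):
    """Map a socket inode to (pid, command) pairs; needs root for other users."""
    hits = []
    for fd in glob.glob(os.path.join(proc, "[0-9]*", "fd", "*")):
        try:
            if os.readlink(fd) == f"socket:[{inode}]":
                pid = fd.split(os.sep)[-3]
                with open(os.path.join(proc, pid, "comm")) as fh:
                    hits.append((int(pid), fh.read().strip()))
        except OSError:
            continue                            # process or fd went away
    return hits

if __name__ == "__main__":
    with open("/proc/net/tcp") as fh:
        for local, remote, uid, inode in ident_clients(fh.read()):
            print(local, "->", remote, "uid", uid, owners(inode) or "no owner found")
```

A socket listed with a uid but no owning PID is either held by a process the caller cannot inspect (run as root) or is kernel-side state with no user process attached.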

