Re: Security Breach ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Am Mi, den 02.03.2005 schrieb Chris Strzelczyk um 22:53:

> processes with netstat -nap I found these to be scary:
> 
> tcp        0      0 204.11.33.35:110            198.88.119.254:23781    
>      TIME_WAIT   -
> tcp        0      0 204.11.33.35:37326          161.53.2.81:6667        
>      ESTABLISHED 16035/-bash
> tcp        0      0 204.11.33.35:110            198.88.119.254:23776    
>      TIME_WAIT   -
> tcp        0      0 204.11.33.35:110            198.88.119.254:23791    
>      TIME_WAIT   -
> tcp        0      0 204.11.33.35:110            198.88.119.254:23775    
>      TIME_WAIT   -
> tcp        0      0 204.11.33.35:110            198.88.119.254:23790    
>      TIME_WAIT   -
> tcp        0      0 204.11.33.35:110            198.88.119.254:23774    
>      TIME_WAIT   -
> tcp        0      0 204.11.33.35:37350          195.197.175.21:6667     
>      ESTABLISHED 16324/-bash
> tcp        0      0 204.11.33.35:37325          194.134.7.195:6667      
>      ESTABLISHED 16026/-bash
> tcp        0      0 204.11.33.35:110            198.88.119.254:23785    
>      TIME_WAIT   -
> 
> These established connections show -bash as the process running the 
> port.  I have firewalled these IP's
> off at my firewall, however, I can't find the root cause of this.  I 
> have ran chkrootkit and found nothing.  However,
> this is very scary.
> 
> Could anyone provide me some clues on how to proceed at this point with 
> my investigation.
> 
> -cs

Port 6667 is default standard port for an irc server. By any chance, do
you run Apache and a phpBB forum?

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.10-1.14_FC2smp 
Serendipity 23:40:52 up 9 days, 10:49, load average: 0.91, 0.56, 0.39 

Attachment: signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux