Apache yes but no phpBB.
I am running a combo of nmap / nessus / chkrootkit on this server now. I guess I wish I would have installed tripwire too, 'cause now I am super paranoid.
Thanks for the help.
-cs

On Mar 2, 2005, at 5:41 PM, Alexander Dalloz wrote:

On Wed, 02.03.2005 at 22:53, Chris Strzelczyk wrote:
processes with netstat -nap I found these to be scary:
tcp 0 0 204.11.33.35:110 198.88.119.254:23781 TIME_WAIT -
tcp 0 0 204.11.33.35:37326 161.53.2.81:6667 ESTABLISHED 16035/-bash
tcp 0 0 204.11.33.35:110 198.88.119.254:23776 TIME_WAIT -
tcp 0 0 204.11.33.35:110 198.88.119.254:23791 TIME_WAIT -
tcp 0 0 204.11.33.35:110 198.88.119.254:23775 TIME_WAIT -
tcp 0 0 204.11.33.35:110 198.88.119.254:23790 TIME_WAIT -
tcp 0 0 204.11.33.35:110 198.88.119.254:23774 TIME_WAIT -
tcp 0 0 204.11.33.35:37350 195.197.175.21:6667 ESTABLISHED 16324/-bash
tcp 0 0 204.11.33.35:37325 194.134.7.195:6667 ESTABLISHED 16026/-bash
tcp 0 0 204.11.33.35:110 198.88.119.254:23785 TIME_WAIT -
These established connections show -bash as the process running the port. I have firewalled these IPs off at my firewall; however, I can't find the root cause of this. I have run chkrootkit and found nothing. However, this is very scary.
Could anyone provide me some clues on how to proceed at this point with my investigation?
-cs
Port 6667 is the default standard port for an IRC server. By any chance, do you run Apache and a phpBB forum?
Alexander
--
Alexander Dalloz | Enger, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html
Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.10-1.14_FC2smp
Serendipity 23:40:52 up 9 days, 10:49, load average: 0.91, 0.56, 0.39

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: http://www.redhat.com/mailman/listinfo/fedora-list
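As an added example that is not part of the thread: a small Python triage script that parses netstat -nap lines like the ones Chris posted and flags the two things that stand out in his listing, ESTABLISHED connections to IRC ports and TCP sockets owned by an interactive shell. The port set, shell-name list and the sshd sample line are my assumptions, not anything from the list.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Ports commonly used by IRC servers (and IRC-controlled bots); 6667 is the one in the thread.
IRC_PORTS = {6666, 6667, 6668, 6669, 6697, 7000}
# A login shell should not own a TCP socket on a server. The name netstat shows comes from
# the process's own argv[0], which any program can set, so "-bash" here is a name, not proof.
SHELL_NAMES = {"-bash", "bash", "-sh", "sh", "dash", "zsh"}

@dataclass
class Conn:
    proto: str
    local_addr: str
    local_port: int
    remote_addr: str
    remote_port: Optional[int]   # None for listening sockets (remote "*")
    state: str
    pid: Optional[int]           # None when netstat prints "-" (not owned by our user)
    program: str

def parse_netstat_line(line: str) -> Optional[Conn]:
    """Parse one `netstat -nap` TCP line; return None for headers and non-TCP rows."""
    fields = line.split()
    if len(fields) != 7 or not fields[0].startswith("tcp"):
        return None
    proto, _recvq, _sendq, local, remote, state, pidprog = fields
    laddr, lport = local.rsplit(":", 1)
    raddr, rport = remote.rsplit(":", 1)
    pid, prog = (None, "-") if pidprog == "-" else (int(pidprog.split("/", 1)[0]), pidprog.split("/", 1)[1])
    return Conn(proto, laddr, int(lport), raddr, int(rport) if rport.isdigit() else None, state, pid, prog)

def suspicious(conn: Conn) -> List[str]:
    """Reasons this connection deserves a look; empty list means nothing flagged."""
    reasons = []
    if conn.state == "ESTABLISHED" and conn.remote_port in IRC_PORTS:
        reasons.append(f"outbound IRC connection to {conn.remote_addr}:{conn.remote_port}")
    if conn.state == "ESTABLISHED" and conn.program in SHELL_NAMES:
        reasons.append(f"shell process {conn.program} (pid {conn.pid}) owns a TCP socket")
    return reasons

def triage(netstat_output: str) -> List[Tuple[Conn, List[str]]]:
    hits = []
    for line in netstat_output.splitlines():
        conn = parse_netstat_line(line)
        if conn is not None and suspicious(conn):
            hits.append((conn, suspicious(conn)))
    return hits

# Constructed sample: three lines from the thread plus one benign sshd session I made up.
SAMPLE = """tcp 0 0 204.11.33.35:110 198.88.119.254:23781 TIME_WAIT -
tcp 0 0 204.11.33.35:37326 161.53.2.81:6667 ESTABLISHED 16035/-bash
tcp 0 0 204.11.33.35:37350 195.197.175.21:6667 ESTABLISHED 16324/-bash
tcp 0 0 204.11.33.35:22 10.0.0.5:51234 ESTABLISHED 812/sshd
"""

if __name__ == "__main__":
    for conn, reasons in triage(SAMPLE):
        print(f"pid {conn.pid} {conn.program}: " + "; ".join(reasons))
```

For each hit, /proc/PID/exe and /proc/PID/cwd show the real binary and working directory behind the "-bash" name, which is the next place to look when chkrootkit comes back clean.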