auth is local port 113 for the ident deamon. IF you use masq you should use a ident deamon that supports masq, oident for example.
A wild guess of mine is that these connections are the result of IRC connections... I don't know if there are ident exploits, but than again I'm not *that* informed... Regards, Onno At 06:34 PM 12/14/99 +0100, Robert Varga wrote: > >How can I determine the process belonging to a tcp connection on my >machine? I have a couple of connection which I find very unnerving: > >netstat -a | grep aiesec produces the output: > >tcp 0 0 mymachine:27567 aiesecplanet.satim:auth >ESTABLISHED >tcp 0 0 mymachine:27434 aiesecplanet.satim:auth >ESTABLISHED >tcp 0 0 mymachine:27426 aiesecplanet.satim:auth >ESTABLISHED >tcp 0 0 mymachine:27389 aiesecplanet.satim:auth >ESTABLISHED >tcp 0 0 mymachine:26779 aiesecplanet.satim:auth >ESTABLISHED >tcp 0 0 mymachine:1097 aiesecplanet.satim:auth >ESTABLISHED > >These connections mostly persist, so the port numbers are always the same >for a long time, until the connection dies. >There tend to be other connection attempts but they die quickly > >The connection to my port 1097 seems to be constant. > >I have nothing to do with the mentioned machine >(aiesecplanet.satimex.tvnet.hu). > >I have nothing listening on any of these ports (that I know of), and >nothing is listening there according to netstat -a. > >I had a misterious machine breakdown two days ago, when all services >(SMTP, TELNET, SQUID, FTP, POP3,...) refused connections, except for DNS. >To be more exact, the only tcp port under 4000 (I scanned to this number) >which was open was 53 (domain). > >I suspect a break-in occured. > >How can I find what communication is taking place on these connections? > >Robert Varga > > > > >-- >Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] < /dev/null > > >
