Re: Strange foreign connections
On Wednesday 02 February 2005 17:01, Gene wrote: While running netstat I found these entries: Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address(state) tcp4 0 0 localhost.52730undernet1.blueyo.ircd ESTABLISHED tcp4 0 0 localhost.52398minotor.spale.co.ircd ESTABLISHED tcp4 0 0 localhost.60635bagan2.srce.hr.ircd ESTABLISHED The foreign addresses all show ircd at the end, but there is no irc clients or servers running and irc ports are blocked at the firewall. Does anyone have any idea what might be going on here? Gene Should anything foreign be connecting to localhost? All my foreign connections go from the machines IP in the LAN. -- /Xian Sometimes one pays most for the things one gets for nothing. Albert Einstein ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Strange foreign connections
On Wed, Feb 02, 2005 at 11:01:42AM -0600, Gene typed: While running netstat I found these entries: Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address(state) tcp4 0 0 localhost.52730undernet1.blueyo.ircd ESTABLISHED tcp4 0 0 localhost.52398minotor.spale.co.ircd ESTABLISHED tcp4 0 0 localhost.60635bagan2.srce.hr.ircd ESTABLISHED The foreign addresses all show ircd at the end, but there is no irc clients or servers running and irc ports are blocked at the firewall. Does anyone have any idea what might be going on here? I would assume your system is compromised, unless proven otherwise. Ruben ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Strange foreign connections
Gene wrote: While running netstat I found these entries: Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address(state) tcp4 0 0 localhost.52730undernet1.blueyo.ircd ESTABLISHED tcp4 0 0 localhost.52398minotor.spale.co.ircd ESTABLISHED tcp4 0 0 localhost.60635bagan2.srce.hr.ircd ESTABLISHED The foreign addresses all show ircd at the end, but there is no irc clients or servers running and irc ports are blocked at the firewall. Does anyone have any idea what might be going on here? You might try running 'sockstat' to get more info about these connections. It will provide you with user, command and PID info for each connected socket. --Tim Gene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: Strange foreign connections
What does netstat -na sockstat show ? I would not trust the DNS lookups in case someone is playing around with hosts/DNS ---Mike On Wed, 02 Feb 2005 11:01:42 -0600, in sentex.lists.freebsd.questions you wrote: While running netstat I found these entries: Active Internet connections (including servers) Proto Recv-Q Send-Q Local Address Foreign Address(state) tcp4 0 0 localhost.52730undernet1.blueyo.ircd ESTABLISHED tcp4 0 0 localhost.52398minotor.spale.co.ircd ESTABLISHED tcp4 0 0 localhost.60635bagan2.srce.hr.ircd ESTABLISHED The foreign addresses all show ircd at the end, but there is no irc clients or servers running and irc ports are blocked at the firewall. Does anyone have any idea what might be going on here? Gene ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to [EMAIL PROTECTED]
