Quoting Minh Van Le <[EMAIL PROTECTED]>: > I totally forgot about netstat ! > > I do believe I've been owned ... > > [root@f1 04:06:53 ppp]# netstat -pant |grep 443 > tcp 0 0 0.0.0.0:443 0.0.0.0:* > LISTEN > 1591/httpd > > [root@f1 04:06:59 ppp]# netstat -pant |grep 6667 > tcp 0 0 202.7.95.227:1057 64.35.57.81:6667 > ESTABLISHED 1617/syslogd > tcp 0 0 202.7.95.227:1087 64.35.57.81:6667 > ESTABLISHED 1617/syslogd > tcp 0 0 202.7.95.227:1076 64.35.57.81:6667 > ESTABLISHED 1617/syslogd > tcp 0 0 202.7.95.227:1034 64.35.57.81:6667 > ESTABLISHED 1617/syslogd > tcp 0 0 202.7.95.227:1054 64.35.57.81:6667 > ESTABLISHED 1617/syslogd > tcp 0 0 202.7.95.227:1046 64.35.57.81:6667 > ESTABLISHED 1617/syslogd > tcp 0 0 202.7.95.227:4471 64.35.57.81:6667 > ESTABLISHED - > tcp 0 0 202.7.95.227:4496 64.35.57.81:6667 > ESTABLISHED - > tcp 0 0 202.7.95.227:4757 64.35.57.81:6667 > ESTABLISHED 1617/syslogd > tcp 0 0 202.7.95.227:4909 64.35.57.81:6667 > ESTABLISHED - > tcp 0 0 202.7.95.227:4893 64.35.57.81:6667 > ESTABLISHED - > tcp 0 0 202.7.95.227:4878 64.35.57.81:6667 > ESTABLISHED 1617/syslogd > tcp 0 0 202.7.95.227:4864 64.35.57.81:6667 > ESTABLISHED 1617/syslogd > tcp 0 0 202.7.95.227:3289 64.35.57.81:6667 > ESTABLISHED - > tcp 0 0 202.7.95.227:2660 64.35.57.81:6667 > ESTABLISHED 1617/syslogd > tcp 0 0 202.7.95.227:2629 64.35.57.81:6667 > ESTABLISHED - > tcp 0 0 202.7.95.227:2636 64.35.57.81:6667 > ESTABLISHED 1617/syslogd > tcp 0 0 202.7.95.227:2654 64.35.57.81:6667 > ESTABLISHED 1617/syslogd > tcp 0 0 202.7.95.227:2914 64.35.57.81:6667 > ESTABLISHED - > tcp 0 0 202.7.95.227:2916 64.35.57.81:6667 > ESTABLISHED - > > Does the above look like the IRC server is connected to my syslogd ?
No, your connecting to someone else's irc server, as you already found out from your first email. As I said, you have been owned. Disconnect the machine ASAP, and rebuild. -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
