[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] [RaQ3i] interesting hack symptoms

> 
> Also, I was just experimenting with this command:
>     netstat -ap | grep LISTEN
> 
> and before it displays the list of listening connections, it tells
> me
> this:
>     [root@www admin]# netstat -ap | grep LISTEN
>     (Not all processes could be identified, non-owned process info
>      will not be shown, you would have to be root to see it all.)
> 
> which I think is kind of strange, as I >am< logged in as root!
You have to have the machine with an active Internet connection to make
the netstat -ap | LISTEN to work. 
I tried the command as a regular user on my RH 6.2 box with kernel 2.2.16
I upgraded, and it gave me all the ports while connected to the Internet.
 I disconnected my ethernet to an internal network not connected to the
Internet then su'd to root, and I got the same message you did.  Then,
I fully logged out and logged back in as root and got your error message
again.  I then su'd to a normal user and get : (No info could be read
for "-p": geteuid()=500 but you should be root.). I then fully logged
out and logged back in as a regular user with an acitve Internet connection
and now get all the ports visible like I did the first time, though I
noticed that it is giving mixed results, like sometimes it only shows
2 items listening like 9081/java and 9135/deskguide_appl, and then later
it will show 8 items like the above but with 9132/gen_util_apple, 9083/gmc,
9070/panel, 9067/gnome-name-ser, 9055/magicdev, 9030/gnome-session all
on ports in the 4800 range. I'm using the RH Gnome desktop that throws
me out of x windows at least twice a day.
Hope that helps a little
-- 
James Hoaggs   ICQ #96365505
james_hoaggs@xxxxxxxxxx - email
(408) 380-2271 x8024 - voicemail/fax


__________________________________________________
FREE voicemail, email, and fax...all in one place.
Sign Up Now! http://www.onebox.com