[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] [RaQ3i] interesting hack symptoms
- Subject: Re: [cobalt-security] [RaQ3i] interesting hack symptoms
- From: "James Hoaggs" <james_hoaggs@xxxxxxxxxx>
- Date: Thu, 02 Nov 2000 21:45:59 -0800
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
>
> Also, I was just experimenting with this command:
> netstat -ap | grep LISTEN
>
> and before it displays the list of listening connections, it tells
> me
> this:
> [root@www admin]# netstat -ap | grep LISTEN
> (Not all processes could be identified, non-owned process info
> will not be shown, you would have to be root to see it all.)
>
> which I think is kind of strange, as I >am< logged in as root!
You have to have the machine with an active Internet connection to make
the netstat -ap | LISTEN to work.
I tried the command as a regular user on my RH 6.2 box with kernel 2.2.16
I upgraded, and it gave me all the ports while connected to the Internet.
I disconnected my ethernet to an internal network not connected to the
Internet then su'd to root, and I got the same message you did. Then,
I fully logged out and logged back in as root and got your error message
again. I then su'd to a normal user and get : (No info could be read
for "-p": geteuid()=500 but you should be root.). I then fully logged
out and logged back in as a regular user with an acitve Internet connection
and now get all the ports visible like I did the first time, though I
noticed that it is giving mixed results, like sometimes it only shows
2 items listening like 9081/java and 9135/deskguide_appl, and then later
it will show 8 items like the above but with 9132/gen_util_apple, 9083/gmc,
9070/panel, 9067/gnome-name-ser, 9055/magicdev, 9030/gnome-session all
on ports in the 4800 range. I'm using the RH Gnome desktop that throws
me out of x windows at least twice a day.
Hope that helps a little
--
James Hoaggs ICQ #96365505
james_hoaggs@xxxxxxxxxx - email
(408) 380-2271 x8024 - voicemail/fax
__________________________________________________
FREE voicemail, email, and fax...all in one place.
Sign Up Now! http://www.onebox.com