[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Hacker activity?

Subject: Re: [cobalt-security] Hacker activity?
From: John Sim <johns@xxxxxxxxx>
Date: Mon, 26 Feb 2001 09:40:51 +0000
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

On Wed, Feb 21, 2001 at 10:18:39AM -0000, Drage, Nicholas wrote:
> 
> Don't worry Rodrigo, these "hits" are merely your RaQ monitoring its
> services to see if they are still up and listening.
> 
> "127.0.0.1" refers to localhost, the host itself, in all TCP/IP
> implementations ( as far as I'm aware anyway ).  Might be worth you reading
> a TCP/IP primer or two.
> 
> Prompts a thought though, on the local machine surely there's an easier way
> to see if a port is listening that to make a TCP/IP connection to it?

Well, depends on what kind of monitoring you want.  You could check the
deamon/service was running, but this does not show that it is actually
binding to a port.  You could [as suggested] use netstat [or lsof] output to
check if a port was listed as "listening".

IIRC the monitoring is done this way to check that sensible data can be
fetched from the service so that a near certain "it's working, look I got
data!" style test can be performed.

-- 
John Sim
Systems Administrator
Interactive Services    o
Demon Internet @ Thus  o o

References:
- RE: [cobalt-security] Hacker activity?
  - From: Drage, Nicholas

Prev by Date: Re: [cobalt-security] security problem with bind version less than 8.2.3x on RAQ 1
Next by Date: [cobalt-security] OpenSSH
Previous by thread: RE: [cobalt-security] Hacker activity?
Next by thread: [cobalt-security] Re: [RAQ3i] Firewall Software

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index