[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] netstat -plven
- Subject: [cobalt-security] netstat -plven
- From: "Kai Schantz, Euroweb" <kai@xxxxxxxxxx>
- Date: Wed, 14 Mar 2001 08:14:40 +0100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
please help..(not only sounds desperat)
I now i have been posted and asked alot today but i have 150+ sites on that
cobalt and I reported a hack and ordred disaster recovery from cobalt
proffesional service. They called mi and they should begin at once but, now
there has gone over 2 days. I try everything to resolve it, but I am a newbi
and not skilled in this.
This netstat i took right now:
[root@www admin]# netstat -plven
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
User Inode PID/Program name
tcp 0 0 0.0.0.0:3001 0.0.0.0:* LISTEN
0 630510 25077/caspeng
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN
0 518585 3135/sendmail: ac
ce
tcp 0 0 0.0.0.0:143 0.0.0.0:* LISTEN
0 40026 542/inetd
tcp 0 0 0.0.0.0:110 0.0.0.0:* LISTEN
0 40025 542/inetd
tcp 0 0 0.0.0.0:7937 0.0.0.0:* LISTEN
0 785 888/nsrexecd
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN
0 743 863/mysqld
tcp 0 0 0.0.0.0:7938 0.0.0.0:* LISTEN
0 736 886/nsrexecd
tcp 0 0 0.0.0.0:3000 0.0.0.0:* LISTEN
0 656 779/caspd
tcp 0 0 0.0.0.0:5101 0.0.0.0:* LISTEN
0 594 719/admdog
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
0 534 636/httpd
tcp 0 0 0.0.0.0:81 0.0.0.0:* LISTEN
0 434 572/httpd
tcp 0 0 0.0.0.0:444 0.0.0.0:* LISTEN
0 433 572/httpd
tcp 0 0 0.0.0.0:617 0.0.0.0:* LISTEN
0 421 564/nlservd
tcp 0 0 213.236.138.10:53 0.0.0.0:* LISTEN
0 403 554/named
tcp 0 0 212.37.252.108:53 0.0.0.0:* LISTEN
0 401 554/named
tcp 0 0 212.37.252.109:53 0.0.0.0:* LISTEN
0 399 554/named
tcp 0 0 213.236.138.24:53 0.0.0.0:* LISTEN
0 397 554/named
tcp 0 0 213.236.138.20:53 0.0.0.0:* LISTEN
0 395 554/named
tcp 0 0 213.236.138.11:53 0.0.0.0:* LISTEN
0 393 554/named
tcp 0 0 212.37.252.106:53 0.0.0.0:* LISTEN
0 391 554/named
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
0 389 554/named
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN
0 376 542/inetd
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
0 375 542/inetd
udp 0 0 0.0.0.0:1460 0.0.0.0:*
0 269688 554/named
udp 0 0 0.0.0.0:7938 0.0.0.0:*
0 735 886/nsrexecd
udp 0 0 213.236.138.10:53 0.0.0.0:*
0 402 554/named
udp 0 0 212.37.252.108:53 0.0.0.0:*
0 400 554/named
udp 0 0 212.37.252.109:53 0.0.0.0:*
0 398 554/named
udp 0 0 213.236.138.24:53 0.0.0.0:*
0 396 554/named
udp 0 0 213.236.138.20:53 0.0.0.0:*
0 394 554/named
udp 0 0 213.236.138.11:53 0.0.0.0:*
0 392 554/named
udp 0 0 212.37.252.106:53 0.0.0.0:*
0 390 554/named
udp 0 0 127.0.0.1:53 0.0.0.0:*
0 388 554/named
udp 0 0 0.0.0.0:161 0.0.0.0:*
0 363 530/snmpd
raw 0 0 0.0.0.0:1 0.0.0.0:* 7
0 0 -
raw 0 0 0.0.0.0:6 0.0.0.0:* 7
0 0 -
Active UNIX domain sockets (only servers)
Proto RefCnt Flags Type State I-Node PID/Program name
Path
unix 0 [ ACC ] STREAM LISTENING 462 608/postmaster
/tmp/.s.PGSQL.5583
unix 0 [ ACC ] STREAM LISTENING 384 554/named
/var/run/ndc
unix 0 [ ACC ] STREAM LISTENING 745 863/mysqld
/var/lib/mysql/mysql.sock
netstat: no support for `AF IPX' on this system.
netstat: no support for `AF AX25' on this system.
netstat: no support for `AF NETROM' on this system.
Can sombody tell me if there is somthing wrong here.?
(raq3i, chili asp, php,mysql) Normal config)
regards
Kai R Schantz
Euroweb AS
Verksgaten 42
N-4013 Stavanger
Tlf:+47 51 89 64 64 fax:+47 51 89 56 41
www.euroweb.no