Re: [cobalt-security] netstat -plven
- Subject: Re: [cobalt-security] netstat -plven
- From: Kevan Benson <kentrak@xxxxxxxxx>
- Date: Wed, 14 Mar 2001 10:05:52 -0800
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Looks ok to me from a quick look, but don't take that as final. Compare the
ports programs are running on to the ports specified in /etc/services to see
what they are (for example, inetd is on port 143, that is supposed to be the
imap port, so that is most likely inetd listening for imap on that port).
Some weird ones like nsrexecd and nlservd are part of the Cobalt and should
be fine.
-KB
On Tuesday 13 March 2001 23:14, you wrote:
> please help.. (not only sounds desperate)
>
> I know I have posted and asked a lot today, but I have 150+ sites on that
> Cobalt and I reported a hack and ordered disaster recovery from Cobalt
> professional service. They called me and they should begin at once, but
> now over 2 days have gone by. I try everything to resolve it, but I am a
> newbie and not skilled in this.
>
> This netstat i took right now:
>
> [root@www admin]# netstat -plven
> (Not all processes could be identified, non-owned process info
> will not be shown, you would have to be root to see it all.)
> Active Internet connections (only servers)
> Proto Recv-Q Send-Q Local Address     Foreign Address State  User Inode  PID/Program name
>
> tcp   0      0      0.0.0.0:3001      0.0.0.0:*       LISTEN 0    630510 25077/caspeng
> tcp   0      0      0.0.0.0:25        0.0.0.0:*       LISTEN 0    518585 3135/sendmail: acce
> tcp   0      0      0.0.0.0:143       0.0.0.0:*       LISTEN 0    40026  542/inetd
> tcp   0      0      0.0.0.0:110       0.0.0.0:*       LISTEN 0    40025  542/inetd
> tcp   0      0      0.0.0.0:7937      0.0.0.0:*       LISTEN 0    785    888/nsrexecd
> tcp   0      0      0.0.0.0:3306      0.0.0.0:*       LISTEN 0    743    863/mysqld
> tcp   0      0      0.0.0.0:7938      0.0.0.0:*       LISTEN 0    736    886/nsrexecd
> tcp   0      0      0.0.0.0:3000      0.0.0.0:*       LISTEN 0    656    779/caspd
> tcp   0      0      0.0.0.0:5101      0.0.0.0:*       LISTEN 0    594    719/admdog
> tcp   0      0      0.0.0.0:80        0.0.0.0:*       LISTEN 0    534    636/httpd
> tcp   0      0      0.0.0.0:81        0.0.0.0:*       LISTEN 0    434    572/httpd
> tcp   0      0      0.0.0.0:444       0.0.0.0:*       LISTEN 0    433    572/httpd
> tcp   0      0      0.0.0.0:617       0.0.0.0:*       LISTEN 0    421    564/nlservd
> tcp   0      0      213.236.138.10:53 0.0.0.0:*       LISTEN 0    403    554/named
> tcp   0      0      212.37.252.108:53 0.0.0.0:*       LISTEN 0    401    554/named
> tcp   0      0      212.37.252.109:53 0.0.0.0:*       LISTEN 0    399    554/named
> tcp   0      0      213.236.138.24:53 0.0.0.0:*       LISTEN 0    397    554/named
> tcp   0      0      213.236.138.20:53 0.0.0.0:*       LISTEN 0    395    554/named
> tcp   0      0      213.236.138.11:53 0.0.0.0:*       LISTEN 0    393    554/named
> tcp   0      0      212.37.252.106:53 0.0.0.0:*       LISTEN 0    391    554/named
> tcp   0      0      127.0.0.1:53      0.0.0.0:*       LISTEN 0    389    554/named
> tcp   0      0      0.0.0.0:23        0.0.0.0:*       LISTEN 0    376    542/inetd
> tcp   0      0      0.0.0.0:21        0.0.0.0:*       LISTEN 0    375    542/inetd
>
> udp   0      0      0.0.0.0:1460      0.0.0.0:*              0    269688 554/named
> udp   0      0      0.0.0.0:7938      0.0.0.0:*              0    735    886/nsrexecd
> udp   0      0      213.236.138.10:53 0.0.0.0:*              0    402    554/named
> udp   0      0      212.37.252.108:53 0.0.0.0:*              0    400    554/named
> udp   0      0      212.37.252.109:53 0.0.0.0:*              0    398    554/named
> udp   0      0      213.236.138.24:53 0.0.0.0:*              0    396    554/named
> udp   0      0      213.236.138.20:53 0.0.0.0:*              0    394    554/named
> udp   0      0      213.236.138.11:53 0.0.0.0:*              0    392    554/named
> udp   0      0      212.37.252.106:53 0.0.0.0:*              0    390    554/named
> udp   0      0      127.0.0.1:53      0.0.0.0:*              0    388    554/named
> udp   0      0      0.0.0.0:161       0.0.0.0:*              0    363    530/snmpd
> raw   0      0      0.0.0.0:1         0.0.0.0:*       7      0    0      -
> raw   0      0      0.0.0.0:6         0.0.0.0:*       7      0    0      -
>
> Active UNIX domain sockets (only servers)
> Proto RefCnt Flags     Type   State     I-Node PID/Program name Path
> unix  0      [ ACC ]   STREAM LISTENING 462    608/postmaster   /tmp/.s.PGSQL.5583
> unix  0      [ ACC ]   STREAM LISTENING 384    554/named        /var/run/ndc
> unix  0      [ ACC ]   STREAM LISTENING 745    863/mysqld       /var/lib/mysql/mysql.sock
> netstat: no support for `AF IPX' on this system.
> netstat: no support for `AF AX25' on this system.
> netstat: no support for `AF NETROM' on this system.
>
> Can somebody tell me if there is something wrong here?
> (raq3i, chili asp, php, mysql. Normal config)
>
> regards
>
>
> Kai R Schantz
> Euroweb AS
> Verksgaten 42
> N-4013 Stavanger
> Tlf:+47 51 89 64 64 fax:+47 51 89 56 41
> www.euroweb.no
>
--
- Kevan Benson
- Colocation and Hosting Product Manager
- Sonic.net, Inc.
- (707)522-1000 x219
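
The comparison against /etc/services suggested in the reply, as an added example that is not part of the original thread: it parses `netstat -plven` rows, looks up each port and protocol, and lists the listeners that have no services entry. The function names are this example's own, the services excerpt is constructed, and the sample rows are taken from the listing quoted above with wrapped lines rejoined.

```python
import re

# Constructed excerpt in /etc/services format; on a live host read the real file.
SERVICES = """\
smtp     25/tcp    mail
domain   53/tcp
imap     143/tcp   imap2    # Interim Mail Access Protocol
"""

# Sample input: rows from the listing quoted in the thread, one socket per line.
NETSTAT = """\
tcp 0 0 0.0.0.0:3001      0.0.0.0:* LISTEN 0 630510 25077/caspeng
tcp 0 0 0.0.0.0:25        0.0.0.0:* LISTEN 0 518585 3135/sendmail: acce
tcp 0 0 0.0.0.0:143       0.0.0.0:* LISTEN 0 40026  542/inetd
tcp 0 0 0.0.0.0:7937      0.0.0.0:* LISTEN 0 785    888/nsrexecd
tcp 0 0 213.236.138.10:53 0.0.0.0:* LISTEN 0 403    554/named
udp 0 0 0.0.0.0:1460      0.0.0.0:*        0 269688 554/named
"""

def load_services(text):
    """Map (port, proto) -> service name from /etc/services-format text."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()          # drop trailing comments
        if len(fields) >= 2 and re.fullmatch(r"\d+/\w+", fields[1]):
            port, proto = fields[1].split("/", 1)
            table.setdefault((int(port), proto), fields[0])
    return table

def audit(netstat_text, services):
    """Return (proto, addr, port, program, service or None) per tcp/udp socket."""
    rows = []
    for line in netstat_text.splitlines():
        m = re.match(r"(tcp|udp)\s+\d+\s+\d+\s+(\S+):(\d+)\s", line)
        if not m:
            continue                                    # headers, raw, unix sockets
        proto, addr, port = m.group(1), m.group(2), int(m.group(3))
        prog = re.search(r"\s\d+/(.+)$", line)          # name may contain spaces
        rows.append((proto, addr, port, prog.group(1).strip() if prog else "-",
                     services.get((port, proto))))
    return rows

def unlisted(rows):
    """Sockets whose port has no services entry: identify these by hand."""
    return [r for r in rows if r[4] is None]

if __name__ == "__main__":
    for r in audit(NETSTAT, load_services(SERVICES)):
        print("%-3s %-15s %5d  %-16s %s" % (r[0], r[1], r[2], r[3], r[4] or "NOT IN SERVICES"))
```

On a real host, pass the contents of /etc/services and the full `netstat -plven` output instead of the embedded samples. A services match only names what is registered for that port, so the program column still has to agree with it, as in the inetd and imap case above.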