[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] socks & sunrpc on a netstat?

Subject: [cobalt-security] socks & sunrpc on a netstat?
From: "Carrie Bartkowiak" <ravencarrie@xxxxxxxx>
Date: Sun, 22 Apr 2001 00:31:58 -0400
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hey guys...
I found this 'socks' connection tonight, and a 'sunrpc' connection
when I did a netstat. Could y'all take a look and tell me if something
looks fishy?
I don't have DNS or Telnet enabled on the machine, although I am
running SSH2 and just recently within the past week turned on the ASP
server.

(the cx84809-h.chspk.1 is me connected to the machine, and obviously
the server's ip has been changed for the list...)
[root web]# netstat
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address
State
tcp        0      0 11.11.111.138:www       cache-dh03.proxy.a:1775
TIME_WAIT
tcp        0      0 11.11.111.150:smtp      hh.egroups.com:34134
TIME_WAIT
tcp        0    252 www.mydomain.:ssh       cx84809-h.chspk1.v:2453
ESTABLISHED
tcp        0      0 www.mydomain:imap2    cx84809-h.chspk1.v:2449
ESTABLISHED
tcp        0   2305 11.11.111.150:www       11-158.075.popsite:1744
FIN_WAIT1
tcp        0  22997 11.11.111.150:www       11-158.075.popsite:1740
FIN_WAIT1
tcp       10      0 11.11.111.132:socks     adsl-64-164-36-1.d:3448
CLOSE_WAIT
tcp       10      0 11.11.111.133:socks     adsl-64-164-36-1.d:3449
CLOSE_WAIT
tcp       10      0 11.11.111.131:socks     adsl-64-164-36-1.d:3447
CLOSE_WAIT
tcp       10      0 11.11.111.129:socks     adsl-64-164-36-1.d:3445
CLOSE_WAIT
tcp        1      0 www.mydomain:socks    ppp-32.dialup-14.w:4117
CLOSE_WAIT
tcp        0      0 11.11.111.137:www       A010-0064.EUGN.spl:2646
SYN_RECV
tcp        9      0 www.mydomain:socks    pool0184.cvx2-brad:4813
CLOSE
tcp        1      0 localhost:1485              localhost:5102
CLOSE_WAIT
tcp        1      0 localhost:1481              localhost:5102
CLOSE_WAIT
tcp        0      0 11.11.111.143:sunrpc    203.199.42.101:2109
ESTABLISHED
tcp        0      0 11.11.111.137:sunrpc    203.199.42.101:2103
ESTABLISHED
tcp        0      0 11.11.111.132:sunrpc    203.199.42.101:2098
ESTABLISHED
tcp        0      0 11.11.111.140:sunrpc    203.199.42.101:2106
ESTABLISHED
tcp        0      0 11.11.111.134:sunrpc    203.199.42.101:2100
ESTABLISHED
tcp        0      0 www.mydomain:sunrpc 207.20.133.40:4135
ESTABLISHED
tcp        0      0 www.mydomain:3612     rs2.arin.net:whois
ESTABLISHED
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  4      [ ]         DGRAM                    702    /dev/log
unix  0      [ ]         STREAM     CONNECTED     4122452 @0001114f
unix  0      [ ]         STREAM     CONNECTED     5441032 @000169be
unix  0      [ ]         DGRAM                    5742657
unix  0      [ ]         DGRAM                    5441075
unix  0      [ ]         DGRAM                    1097
unix  0      [ ]         DGRAM                    711

Thanks...
CarrieB

Follow-Ups:
- Re: [cobalt-security] socks & sunrpc on a netstat?
  - From: shimi

Prev by Date: Re: [cobalt-security] (no subject)
Next by Date: Re: [cobalt-security] Better get all the patches in ASAP - Chinese Hackers article
Previous by thread: [cobalt-security] Autoreply: cobalt-security digest, Vol 1 #310 - 1 msg
Next by thread: Re: [cobalt-security] socks & sunrpc on a netstat?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index