[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] ps -aux sendmail and netstat
- Subject: [cobalt-security] ps -aux sendmail and netstat
- From: "Carrie Bartkowiak" <ravencarrie@xxxxxxxx>
- Date: Wed, 23 May 2001 15:37:23 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
I'm hoping someone can decipher this for me.
When I run a netstat I get:
tcp 0 53 www.mydomain:smtp 210.111.141.124:1709
FIN_WAIT1
This was "ESTABLISHED" until I stopped sendmail for a few minutes and
then restarted it.
and when I run a ps -aux I get:
root 27833 0.0 1.0 2584 1308 ? S 14:15 0:00
sendmail: accepting connections
root 27837 0.0 1.1 2636 1448 ? S 14:15 0:00
sendmail: q4/f4NA8a102794 mail.elvisisthebomb.com.: user open
That last line WORRIES me. Have I been haqd?
How can I tell what port this guy is running on, or how can I kill his
connection? I can't find him with "top" because I can't get it to give
me remote info.
CarrieB
(wishing this list posted faster - two days is ridiculous)