[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] ps -aux sendmail and netstat

Subject: [cobalt-security] ps -aux sendmail and netstat
From: "Carrie Bartkowiak" <ravencarrie@xxxxxxxx>
Date: Wed, 23 May 2001 15:37:23 -0400
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

I'm hoping someone can decipher this for me.
When I run a netstat I get:
tcp        0     53 www.mydomain:smtp 210.111.141.124:1709
FIN_WAIT1
This was "ESTABLISHED" until I stopped sendmail for a few minutes and
then restarted it.

and when I run a ps -aux I get:
root     27833  0.0  1.0  2584 1308 ?        S    14:15   0:00
sendmail: accepting connections
root     27837  0.0  1.1  2636 1448 ?        S    14:15   0:00
sendmail: q4/f4NA8a102794 mail.elvisisthebomb.com.: user open

That last line WORRIES me. Have I been haqd?
How can I tell what port this guy is running on, or how can I kill his
connection? I can't find him with "top" because I can't get it to give
me remote info.

CarrieB
(wishing this list posted faster - two days is ridiculous)

Follow-Ups:
- Re: [cobalt-security] ps -aux sendmail and netstat
  - From: baltimoremd
- Re: [cobalt-security] ps -aux sendmail and netstat
  - From: shimi

References:
- [cobalt-security] promisc and Cobalt kernel
  - From: Gossi The Dog

Prev by Date: Re: [cobalt-security] promisc and Cobalt kernel
Next by Date: Re: [cobalt-security] promisc and Cobalt kernel
Previous by thread: Re: [cobalt-security] promisc and Cobalt kernel
Next by thread: Re: [cobalt-security] ps -aux sendmail and netstat

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index