[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] ps -aux sendmail and netstat
- Subject: Re: [cobalt-security] ps -aux sendmail and netstat
- From: shimi <shimi@xxxxxxxxxxxxxxxx>
- Date: Wed, 23 May 2001 23:58:06 -0700 (PDT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Wed, 23 May 2001, Carrie Bartkowiak wrote:
> I'm hoping someone can decipher this for me.
> When I run a netstat I get:
> tcp 0 53 www.mydomain:smtp 210.111.141.124:1709
> FIN_WAIT1
> This was "ESTABLISHED" until I stopped sendmail for a few minutes and
> then restarted it.
>
> and when I run a ps -aux I get:
> root 27833 0.0 1.0 2584 1308 ? S 14:15 0:00
> sendmail: accepting connections
> root 27837 0.0 1.1 2636 1448 ? S 14:15 0:00
> sendmail: q4/f4NA8a102794 mail.elvisisthebomb.com.: user open
>
> That last line WORRIES me. Have I been haqd?
> How can I tell what port this guy is running on, or how can I kill his
> connection? I can't find him with "top" because I can't get it to give
> me remote info.
>
> CarrieB
> (wishing this list posted faster - two days is ridiculous)
>
I think I already told you that...
netstat -pt
^^ (from root) will list all connections (which are not sockets) and the
process name and PID using them. then you just kill the PID.
if you want to not list hostnames coz they're too long, but IPs instead,
make it netstat -ptn.
HTH,
- shimi.