Hi all, im new to the Linux world and have just installed shorewall, not sure if I have been hacked already though. if I do netstat -a, I get the following tcp chetnet.co.uk:http adsl-66-84-17:49796 syn_recv and also *:32768 listening :909 listening /dev/gpmctl /tmp/.font-unix/f57100 /dev/log If I have been hacked how do I stop it, Regards Chet ---------------------------------------------------------------------------------------------------------------- Remember, the consumption of alcohol may lead you to believe that your ex-girlfriend wants you to call them at four in the morning
On Thu, 11 Apr 2002, chet wrote:> Hi all, im new to the Linux world and have just installed shorewall, not sure if I have been hacked already though. > > if I do netstat -a, I get the following > > tcp chetnet.co.uk:http adsl-66-84-17:49796 syn_recv > > and also > *:32768 listening > :909 listening > /dev/gpmctl > /tmp/.font-unix/f57100 > /dev/log > If I have been hacked how do I stop it, >Relax -- nothing in that output is out of the ordinary. -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net
Tom Eastep wrote:> On Thu, 11 Apr 2002, chet wrote: > > > Hi all, im new to the Linux world and have just installed shorewall, not sure if I have been hacked already though. > > > > if I do netstat -a, I get the following > > > > tcp chetnet.co.uk:http adsl-66-84-17:49796 syn_recvThis one just means that the host noted has connected to your web server.> > and also > > *:32768 listening > > :909 listening > > ... > > If I have been hacked how do I stop it,The generic answer to that question is to reinstall from clean media, apply vendor security patches, and restore data (not programs) from backup. Check out the security incidents mailing list at http://www.securityfocus.com.> Relax -- nothing in that output is out of the ordinary.What are 909 & 32768? I''ve not seen 909, and certainly 32768 cannot be a normal service. Paul http://paulgear.webhop.net
On Fri, 12 Apr 2002, Paul Gear wrote:> > What are 909 & 32768? I''ve not seen 909, and certainly 32768 cannot be a normal service. >On my box, 32768 is being listened by rpc.statd -- 909 might be worth a look with "netstat -nap --tcp". -Tom -- Tom Eastep \ Shorewall - iptables made easy AIM: tmeastep \ http://www.shorewall.net ICQ: #60745924 \ teastep@shorewall.net