I concur. You might also want to run chkrootkit (security/chkrootkit) to
see if you've been "0wned" so to speak.
On Tue, 7 Jun 2005, Bob Bomar wrote:
kalin mintchev wrote:
|
| hi all...
|
| i found this 2 lines in the netstat output on one of my machines. we are
| not running ircd and according to nmap ports 3483 and 2143 are closed...
|
| can somebody please explain?? thanks.....
|
| tcp4 0 0 server.3484 zagreb.hr.eu.und.ircd
| ESTABLISHED
| tcp4 0 0 server.2143 free.tyranz.com.ircd
| ESTABLISHED
Are you running any kind of irc client? The output means:
There are 2 connections, one on port 3484, and another on 2143
connected to zagreb.hr.eu.und and free.tyranz.com on the port
for ircd, port 6667.
Some trojens use irc channels for control, might look into that.
--
Bob Bomar
[EMAIL PROTECTED]
http://www.bomar.us/~bob
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
------------ Output from gpg ------------
gpg: Signature made Tue Jun 7 22:24:55 2005 CDT using DSA key ID 3AED74AA
gpg: Can't check signature: public key not found
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
