Hi Folks,
I'm almost sure that my server has been compromised by some heinous
cracker and am taking steps to remedy this. I've grepped tcp from lsof
and came up with this and would like to know if there is something there
that shouldn't be.
dnsserver 478 squid 0u IPv4 508 TCP localhost.localdomain:1024->localhost.localdomain:listen (ESTABLISHED)
dnsserver 478 squid 1u IPv4 508 TCP localhost.localdomain:1024->localhost.localdomain:listen (ESTABLISHED)
dnsserver 479 squid 0u IPv4 511 TCP localhost.localdomain:nterm->localhost.localdomain:1027 (ESTABLISHED)
dnsserver 479 squid 1u IPv4 511 TCP localhost.localdomain:nterm->localhost.localdomain:1027 (ESTABLISHED)
dnsserver 480 squid 0u IPv4 514 TCP localhost.localdomain:1028->localhost.localdomain:1029 (ESTABLISHED)
dnsserver 480 squid 1u IPv4 514 TCP localhost.localdomain:1028->localhost.localdomain:1029 (ESTABLISHED)
dnsserver 481 squid 0u IPv4 517 TCP localhost.localdomain:1030->localhost.localdomain:1031 (ESTABLISHED)
dnsserver 481 squid 1u IPv4 517 TCP localhost.localdomain:1030->localhost.localdomain:1031 (ESTABLISHED)
dnsserver 483 squid 0u IPv4 521 TCP localhost.localdomain:1032->localhost.localdomain:1033 (ESTABLISHED)
dnsserver 483 squid 1u IPv4 521 TCP localhost.localdomain:1032->localhost.localdomain:1033 (ESTABLISHED)
httpd 420 root 16u IPv4 457 TCP *:http (LISTEN)
httpd 423 root 16u IPv4 457 TCP *:http (LISTEN)
httpd 424 root 16u IPv4 457 TCP *:http (LISTEN)
httpd 425 root 16u IPv4 457 TCP *:http (LISTEN)
httpd 426 root 16u IPv4 457 TCP *:http (LISTEN)
httpd 428 root 16u IPv4 457 TCP *:http (LISTEN)
httpd 429 root 16u IPv4 457 TCP *:http (LISTEN)
httpd 430 root 16u IPv4 457 TCP *:http (LISTEN)
httpd 431 root 16u IPv4 457 TCP *:http (LISTEN)
httpd 435 root 16u IPv4 457 TCP *:http (LISTEN)
httpd 436 root 16u IPv4 457 TCP *:http (LISTEN)
inetd 337 root 5u IPv4 304 TCP *:poppassd (LISTEN)
inetd 337 root 6u IPv4 305 TCP *:pop-3 (LISTEN)
inetd 337 root 7u IPv4 306 TCP *:auth (LISTEN)
master 402 root 11u IPv4 382 TCP *:smtp (LISTEN)
named 353 root 21u IPv4 323 TCP localhost.localdomain:domain (LISTEN)
named 353 root 23u IPv4 325 TCP bonifacio.centinet.com:domain (LISTEN)
smtpd 1327 root 4u IPv4 382 TCP *:smtp (LISTEN)
smtpd 1327 root 7u IPv4 3260 TCP bonifacio.centinet.com:smtp->203.176.36.70:2144 (ESTABLISHED)
squid 465 root 2u IPv4 507 TCP localhost.localdomain:listen->localhost.localdomain:1024 (ESTABLISHED)
squid 465 root 33u IPv4 619 TCP *: (LISTEN)
squid 465 root 3u IPv4 510 TCP localhost.localdomain:1027->localhost.localdomain:nterm (ESTABLISHED)
squid 465 root 4u IPv4 513 TCP localhost.localdomain:1029->localhost.localdomain:1028 (ESTABLISHED)
squid 465 root 5u IPv4 516 TCP localhost.localdomain:1031->localhost.localdomain:1030 (ESTABLISHED)
squid 465 root 6u IPv4 520 TCP localhost.localdomain:1033->localhost.localdomain:1032 (ESTABLISHED)
Thanks in advance again.
Mabuhay!
Erik