Re: Unknown app ports 32703/32705/32706 logged !

2002-05-11 Thread Rishi L Khan
are you running portmapper? If so, you need to look if these ports are
mapped to specific things via rpcinfo. Also, you can use lsof for solaris.

On Sun, 12 May 2002, dave toh wrote:

> Hi,
>
> A firewall had detected that one of my machines (solaris 2.6) is broadcasting
> port 32703/32705/32706 every 3 mins and as I understand it, these are
> unregistered port nos although close to sun rpc.
>
> Can anyone help to provide pointers to find out which process is owning the
> port? I don't think netstat in solaris can do the job as in linux (-npl).
>
> Your urgent help is deeply appreciated.
>
> rgds,
>
> dave
>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
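
The rpcinfo check suggested in the reply above, as an added example that is not part of the original thread: it matches the logged ports against a portmapper table and flags the ones with no RPC registration, which are the ones to look up with lsof. The function name rpc_owner, the sample table, and the extra port 32704 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). SAMPLE_RPCINFO is constructed text in
# the layout printed by `rpcinfo -p`; its port assignments are invented.
SAMPLE_RPCINFO='   program vers proto   port  service
    100000    4   tcp    111  rpcbind
    100000    4   udp    111  rpcbind
    100024    1   udp  32703  status
    100021    4   udp  32705  nlockmgr
    100083    1   tcp  32706
'

# rpc_owner RPCINFO_TEXT PORT...
# Prints one line per registration found for each port, or "PORT unmapped"
# when portmapper has no registration for it.
rpc_owner() {
    table=$1
    shift
    for port in "$@"; do
        # On Solaris use nawk; the old /usr/bin/awk has no -v option.
        printf '%s\n' "$table" | awk -v p="$port" '
            $1 ~ /^[0-9]+$/ && $4 == p {
                svc = ($5 == "") ? "-" : $5
                printf "%s/%s program=%s vers=%s service=%s\n", p, $3, $1, $2, svc
                found = 1
            }
            END { if (!found) printf "%s unmapped\n", p }'
    done
}

# Demonstration on the constructed table. On a live host, pass the real
# table instead:  rpc_owner "$(rpcinfo -p)" 32703 32705 32706
# Ports reported as unmapped are not RPC registrations; check them with
# lsof -i :PORT as suggested in the reply.
rpc_owner "$SAMPLE_RPCINFO" 32703 32704 32705 32706
```
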



Re: Unknown app ports 32703/32705/32706 logged !

2002-05-11 Thread NN_il_Confusionario
On Sun, May 12, 2002 at 09:58:33AM +0800, dave toh wrote:
> Can anyone help to provide pointers to find out which process is owning the 
> port? I don't think netstat in solaris can do the job as in linux (-npl).

does solaris have fuser or lsof ?





Unknown app ports 32703/32705/32706 logged !

2002-05-11 Thread dave toh

Hi,

A firewall had detected that one of my machines (solaris 2.6) is broadcasting 
port 32703/32705/32706 every 3 mins and as I understand it, these are 
unregistered port nos although close to sun rpc.


Can anyone help to provide pointers to find out which process is owning the 
port? I don't think netstat in solaris can do the job as in linux (-npl).


Your urgent help is deeply appreciated.

rgds,

dave




Re: is this an attack on my sendmail?

2002-05-11 Thread Rolf Kutz
* Quoting César Augusto Seronni Filho ([EMAIL PROTECTED]):

> hi guys in my maillog I am receiving many strange messages on sendmail like 
> that:
> May 10 18:52:50 xserver sendmail[]: g4AIRfa02119: 
> to=<[EMAIL PROTECTED]>, ctladdr= (638/45), 
> delay=03:25:09, xdelay=00:00:00, mailer=esmtp, pri=607606, 
> relay=company.com., dsn=4.0.0, stat=Deferred: Connection timed out with 
> company.com.

company.com might be down. Sendmail will retry
later.
 
> look that  is one registered email with my domain. The 
> messages point always to the same user email.
> 
> and the other strange thing is that when i try to check the 
> connections (netstat -at) there is one strange like that:
> tcp  0  1 myserver:35169   mywebos.com:smtp   SYN_SENT
> when I use netstat -atn looks like that:
> tcp  0  1 myserver:35169   208.49.229.140:25   SYN_SENT
> 
> and look that this ip (208.49.229.140.25) is not owned by mywebos.com
>
> I think it is spoofed 

Probably a typo:

18:07 [EMAIL PROTECTED]:~$ host 208.49.229.140
Name: mywebos.com
Address: 208.49.229.140

> Maybe this is an attack?

Unlikely. The connection's origin is your server.

> What i can do?

Lean back.

- Rolf 





How I can limit anexed file on sendmail?

2002-05-11 Thread César Augusto Seronni Filho
How I can limit the size of anexed files on sendmail?

tkx





Re: Fixing file system privileges

2002-05-11 Thread martin f krafft
also sprach David Stanaway <[EMAIL PROTECTED]> [2002.05.11.0904 +0200]:
> Since the last time you hit _ in dselect maybe.
> 
> [EMAIL PROTECTED]:~$ dpkg --get-selections |grep purge
> aptitude  purge
> [EMAIL PROTECTED]:~$ sudo dpkg --purge aptitude
> (Reading database ... 98668 files and directories currently installed.)
> Removing aptitude ...
> Purging configuration files for aptitude ...
> [EMAIL PROTECTED]:~$ dpkg --get-selections |grep purge
> [EMAIL PROTECTED]:~$ 
> 
> So it is purges that are pending (Hence: dpkg --pending --purge which is
> run by dselect).

yeah, that makes sense. i never have non-purged software around. my
bad. in any case, my suggestion, to grep -v "deinstall" would cope
with that just fine ;)

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
  
ever stop to think, and forget to start again?




Re: Fixing file system privileges

2002-05-11 Thread David Stanaway
On Sat, 2002-05-11 at 01:16, martin f krafft wrote:
> also sprach Peter Cordes <[EMAIL PROTECTED]> [2002.05.11.0155 +0200]:
> > nope, purge is a possible status too.
> 
> since when?

Since the last time you hit _ in dselect maybe.

[EMAIL PROTECTED]:~$ dpkg --get-selections |grep purge
aptitude  purge
[EMAIL PROTECTED]:~$ sudo dpkg --purge aptitude
(Reading database ... 98668 files and directories currently installed.)
Removing aptitude ...
Purging configuration files for aptitude ...
[EMAIL PROTECTED]:~$ dpkg --get-selections |grep purge
[EMAIL PROTECTED]:~$ 

So it is purges that are pending (Hence: dpkg --pending --purge which is
run by dselect).

--
David Stanaway




Re: Fixing file system privileges

2002-05-11 Thread martin f krafft
also sprach Peter Cordes <[EMAIL PROTECTED]> [2002.05.11.0155 +0200]:
> nope, purge is a possible status too.

since when?

fishbowl:~> dpkg --get-selections | grep purge
fishbowl:~>

-- 
martin;  (greetings from the heart of the sun.)
  \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED]
  
"may your future be limited only by your dreams."
  -- christa mcauliffe



