tcp connections not showing up anymore on netstat?
Alex
alex.voicu at bredband.net
Fri Sep 23 08:21:04 PDT 2005
Hello list,
I've got a rather strange problem. Yesterday, when I rebooted my box I
was still able to ping the box, but no services started (apache, ssh
etc), nor did they show up on netstat. So I rebooted it again, now I
could connect to the box on port 80 (httpd) and port 22 (ssh) but
netstat still won't show tcp.
I'm beginning to think I got hacked because NOTHING was changed in the
configuration. And if I have, is there any way I can see which bins
were rootkitted?
Anyways, here is the relevant info, I'd appreciate some help:
-bash-2.05b# dmesg -a
Copyright (c) 1992-2005 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD 5.4-STABLE #1: Fri Sep 2 19:31:58 CEST 2005
root at dracula.darksniper.net:/usr/obj/usr/src/sys/DRACULA
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Pentium II/Pentium II Xeon/Celeron (350.80-MHz 686-class CPU)
Origin = "GenuineIntel" Id = 0x651 Stepping = 1
Features=0x183f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR>
real memory = 201261056 (191 MB)
avail memory = 187076608 (178 MB)
pnpbios: Bad PnP BIOS data checksum
ACPI disabled by blacklist. Contact your BIOS vendor.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
inet 127.0.0.1 netmask 0xff000000
Flushed all rules.
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
Firewall rules loaded, starting divert daemons:.
net.inet.ip.fw.enable: 1 -> 1
Starting dhclient.
Starting syslogd.
Sep 23 17:21:27 dracula syslogd: kernel boot file is /boot/kernel/kernel
ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/X11R6/lib /usr/local/lib
a.out ldconfig path: /usr/lib/aout /usr/lib/compat/aout /usr/X11R6/lib/aout /etc/ld.so.conf
Starting usbd.
apm: can't open /dev/apm: No such file or directory
Starting local daemons:
Starting up Apache:
httpd started
Starting up idled:
ddclient:
Starting up MySQL:
050923 17:21:37 InnoDB: Started; log sequence number 0 122655417
/usr/local/libexec/mysqld: ready for connections.
Version: '4.1.11' socket: '/tmp/mysql.sock' port: 0 Source distribution
-bash-2.05b# netstat -a
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
udp4       0      0  *.snmp                 *.*
udp4       0      0  *.syslog               *.*
udp4       0      0  *.bootpc               *.*
Active UNIX domain sockets
Address  Type   Recv-Q Send-Q    Inode     Conn     Refs  Nextref Addr
c15e908c stream      0      0 c1790528        0        0        0 /tmp/mysql.sock
c15e91a4 stream      0      0 c15ecb58        0        0        0 /var/run/devd.pipe
c15e9230 dgram       0      0        0 c15e9118        0 c15e9000
c15e9000 dgram       0      0        0 c15e9118        0        0
c15e9118 dgram       0      0 c15ec210        0 c15e9230        0 /var/run/log
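
Added example, not part of the original post: a cross-view check for the symptom described above, comparing TCP ports known to accept connections (22 and 80 in the post) with the LISTEN entries in netstat output. The function names and both sample outputs are constructed for illustration, and numeric `netstat -an` output is assumed rather than the `-a` output shown in the post.

```shell
#!/bin/sh
# Cross-view check: ports that accept connections from the network but are
# missing from the LISTEN entries that netstat reports on the host.

# Constructed sample shaped like the post: no tcp lines at all.
SAMPLE_POST='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
udp4       0      0  *.161                  *.*
udp4       0      0  *.514                  *.*
udp4       0      0  *.68                   *.*'

# Constructed sample of a consistent host (addresses are documentation ranges).
SAMPLE_HEALTHY='Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  *.80                   *.*                    LISTEN
tcp4       0      0  *.22                   *.*                    LISTEN
tcp4       0     52  192.0.2.10.22          192.0.2.20.51514       ESTABLISHED
udp4       0      0  *.514                  *.*'

# listening_ports: read `netstat -an` text on stdin and print the numeric
# TCP ports in LISTEN state, one per line, sorted and de-duplicated.
listening_ports() {
    # BSD netstat writes addr.port, so the port is the last dot-separated part.
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" { n = split($4, a, "."); print a[n] }' |
        sort -un
}

# hidden_ports NETSTAT_TEXT PORT...: print each PORT (observed reachable by an
# independent probe, e.g. from another host) that netstat does not list.
hidden_ports() {
    netstat_text=$1
    shift
    listed=$(printf '%s\n' "$netstat_text" | listening_ports)
    for p in "$@"; do
        printf '%s\n' "$listed" | grep -qx "$p" || printf '%s\n' "$p"
    done
}

# The situation in the post: 22 and 80 answer, netstat lists neither.
hidden_ports "$SAMPLE_POST" 22 80
```

A non-empty result only says that the host's view and the network's view disagree; it does not by itself identify the cause.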