tcp connections not showing up anymore on netstat?

Chris Petrovitch chris at sackofcheese.com
Fri Sep 23 09:58:22 PDT 2005


+++ Alex [23/09/05 17:21 +0200]:
> Hello list,
> 
> I've got a rather strange problem. Yesterday, when I rebooted my box I
> was still able to ping the box, but no services started (apache, ssh
> etc), nor did they show up on netstat. So I rebooted it again, now I
> could connect to the box on port 80 (httpd) and port 22 (ssh) but
> netstat still won't show tcp.
> 
> I'm beginning to think I got hacked because NOTHING was changed in the
> configuration. And if I have, is there any way I can see which bins
> were rootkitted?
> 
> Anyways, here is the relevant info, I'd appreciate some help:
> 
> -bash-2.05b# dmesg -a
> Copyright (c) 1992-2005 The FreeBSD Project.
> Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
>         The Regents of the University of California. All rights
> reserved.
> FreeBSD 5.4-STABLE #1: Fri Sep  2 19:31:58 CEST 2005
>     root at dracula.darksniper.net:/usr/obj/usr/src/sys/DRACULA
> Timecounter "i8254" frequency 1193182 Hz quality 0
> CPU: Pentium II/Pentium II Xeon/Celeron (350.80-MHz 686-class CPU)
>   Origin = "GenuineIntel"  Id = 0x651  Stepping = 1
>  
>   Features=0x183f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR>
> real memory  = 201261056 (191 MB)
> avail memory = 187076608 (178 MB)
> pnpbios: Bad PnP BIOS data checksum
> ACPI disabled by blacklist.  Contact your BIOS vendor.
> 
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
>         inet 127.0.0.1 netmask 0xff000000
> Flushed all rules.
> 00100 allow ip from any to any via lo0
> 00200 deny ip from any to 127.0.0.0/8
> 00300 deny ip from 127.0.0.0/8 to any
> 65000 allow ip from any to any
> Firewall rules loaded, starting divert daemons:
> .
> net.inet.ip.fw.enable:
> 1
>  ->
> 1
> 
> Starting dhclient.
> Starting syslogd.
> Sep 23 17:21:27 dracula syslogd: kernel boot file is /boot/kernel/kernel
> ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/X11R6/lib
> /usr/local/lib
> a.out ldconfig path: /usr/lib/aout /usr/lib/compat/aout /usr/X11R6/lib/aout /etc/ld.so.conf
> Starting usbd.
> apm:
> can't open /dev/apm
> :
> No such file or directory
> Starting local daemons:
> Starting up Apache:
>  httpd started
> Starting up idled:
> ddclient:
> Starting up MySQL:
> 050923 17:21:37
>   InnoDB: Started; log sequence number 0 122655417
> /usr/local/libexec/mysqld: ready for connections.
> Version: '4.1.11'  socket: '/tmp/mysql.sock'  port: 0  Source
> distribution
> 
> 
> 
> -bash-2.05b# netstat -a
> Active Internet connections (including servers)
> Proto Recv-Q Send-Q  Local Address          Foreign Address
> (state)
> udp4       0      0  *.snmp                 *.*
> udp4       0      0  *.syslog               *.*
> udp4       0      0  *.bootpc               *.*
> Active UNIX domain sockets
> Address  Type   Recv-Q Send-Q    Inode     Conn     Refs  Nextref Addr
> c15e908c stream      0      0 c1790528        0        0        0
> /tmp/mysql.sock
> c15e91a4 stream      0      0 c15ecb58        0        0        0
> /var/run/devd.pipe
> c15e9230 dgram       0      0        0 c15e9118        0 c15e9000
> c15e9000 dgram       0      0        0 c15e9118        0        0
> c15e9118 dgram       0      0 c15ec210        0 c15e9230        0
> /var/run/log
> 

I don't really know what the problem could be, but try using the program lsof.
It's in the ports.  It lists all the open files on the computer, and using the
command "lsof -i4" you can see any IPv4 files that are open.

hope it helps
chris 
-- 


/===============================================\
|         Chris Petrovitch 			|
|         email:  chris at sackofcheese.com	|
|         jabber: crispy at sackofcheese.com	|
\===============================================/     
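
The cross-check suggested in the reply, as an added example that is not part of the original post: the script compares listening TCP ports parsed from `netstat -an` output with those parsed from `lsof -i4 -nP` output and lists the ports only lsof reports. The function names and the sample outputs are constructed for illustration; `-n` and `-P` (numeric hosts and ports) are added to the `lsof -i4` command from the post.

```shell
#!/bin/sh
# Added example: cross-check TCP listeners reported by netstat against lsof.
# On a live host: netstat -an > ns.txt; lsof -i4 -nP > lsof.txt
LC_ALL=C; export LC_ALL

# Listening TCP ports from `netstat -an` text (FreeBSD local address "*.22").
netstat_ports() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" { p = $4; sub(/^.*[.]/, "", p); print p }' "$1" | sort -u
}

# Listening TCP ports from `lsof -i4 -nP` text (NAME column "*:22 (LISTEN)").
lsof_ports() {
    awk 'NF > 2 && $NF == "(LISTEN)" && $(NF-2) == "TCP" { p = $(NF-1); sub(/^.*:/, "", p); print p }' "$1" | sort -u
}

# Ports lsof reports that netstat omits, space-separated on one line.
# comm is used so that an empty netstat list (the case in this thread) still works.
hidden_from_netstat() {
    a=$(mktemp); b=$(mktemp)
    netstat_ports "$1" > "$a"; lsof_ports "$2" > "$b"
    comm -13 "$a" "$b" | paste -sd ' ' -
    rm -f "$a" "$b"
}

# Constructed sample input: netstat prints no tcp rows, as in the report above.
NS_SAMPLE=$(mktemp); LSOF_SAMPLE=$(mktemp)
cat > "$NS_SAMPLE" <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
udp4       0      0  *.514                  *.*
udp4       0      0  *.68                   *.*
EOF
# Constructed sample input: lsof on the same host still sees sshd and httpd.
cat > "$LSOF_SAMPLE" <<'EOF'
COMMAND PID USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
sshd    412 root    3u  IPv4 0xc1a2b000      0t0  TCP *:22 (LISTEN)
sshd    500 root    4u  IPv4 0xc1a2b080      0t0  TCP 192.0.2.10:22->198.51.100.7:51512 (ESTABLISHED)
httpd   455 root   16u  IPv4 0xc1a2b100      0t0  TCP *:80 (LISTEN)
syslogd 301 root    5u  IPv4 0xc1a2b200      0t0  UDP *:514
EOF
echo "listening per lsof but missing from netstat: $(hidden_from_netstat "$NS_SAMPLE" "$LSOF_SAMPLE")"
```

An empty result means both tools agree on the listeners; a non-empty one means netstat is not reporting sockets that lsof can see.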