On Tue, Jan 17, 2006 at 03:28:55PM -0700, Justin Guerin wrote: > Date: Tue, 17 Jan 2006 15:28:55 -0700 > From: Justin Guerin <[EMAIL PROTECTED]> > To: debian-user@lists.debian.org > Subject: Re: strange outbound connection > > > > What about `lsof -i`? > > > > nothing: > > llserv:~# lsof -i @217.91.13.234 > > llserv:~# lsof -i @213.20.165.177 > > > > (I now have two of them, according to firestarter listening on different > > ports: 1054 and 33414) > > > > If you're worried that you've got a service running that you don't want, > try, as root, 'lsof | grep LISTEN'. This will show you all programs that > are actively listening for connections, even if they're bound to the local > host. > > If that doesn't solve the mystery, how about the output of, as root, 'lsof | > egrep "TCP|UDP"'? That will show you some established network connections > (mounts are missing for me), and the program responsible. I don't know if > anything will show up here that doesn't show up in 'netstat --ip', though.
Well, if johannes really have a rootkit installed, it may be hiding from netstat, ps etc. So I'd suggest him to boot from a livecd and run chkrootkit. -- Alexei Chetroi Smile... Tomorrow will be worse. (c) Murphy's Law -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
