[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: hack?
On Fri, 9 May 1997, Ira Abramov wrote:
>
>
Hi,
> just played around with netstat -e -a, saw this weird connection:
>
> root
> tcp 0 0 bit.scso.com:21385 becker1.u.washingto:irc ESTABLISHED
^^^^^^^^^^^^^^^^^^^^^^^
this is weird. If you were using Irc, you wouldn't be connected to server:irc
but most probably to server:port_higher_than_1024 (usually 6665/6/7/7000
etc).
irc 194/tcp # Internet Relay Chat
irc 194/udp
This is the Irc port specified in the RFC, meant for server to server
connections, assuming that connect() is done as root. Since no Irc network
I know of uses suid irc daemons, this would be weird. What exact time was
this ?? I can ask the washington.edu irc-admin to have a look at the users
log (EFnet ircd's have that feature), and tell you who connected from your
machine at that time.(The admin there is a friend of mine).
--Ariel
>
>
> I'm not using irc, and I'm the only one on my server...
> I forgot how to find out which process is the one that opened the
> connection... anyone?
>
> -------------------------------------------------------------
> Ira Abramov <ira@scso.com> Scalable Solutions
> POBox 3600, Jerusalem 91035, Israel Tel (972)2-642-6822
> http://www.scso.com/~ira Check out: http://www.linux.org.il
>
+---------------------------------------------------------+
| Ariel Biener |
| e-mail: ariel@post.tau.ac.il Work ph: 03-6406086 |
+---------------------------------------------------------+
Follow-Ups:
- Re: hack?
- From: Viktorie Navratilova <vnavrat@orion.it.luc.edu>
- Re: hack?
- From: Amos Shapira <amos@dsi.co.il>
References:
- hack?
- From: Ira Abramov <ira@scso.com>