[ale] odd lsof -i.
Robert L. Harris
Robert.L.Harris at rdlg.net
Wed Jun 13 17:51:57 EDT 2001
I'm curious of the security of a box... There's a big empty time span
missing from this morn and sendmail went down this morn. I'm also
see'ing this:
[root at rl1 log]# lsof -i
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sshd 450 root 3u IPv4 395 TCP *:ssh (LISTEN)
xntpd 465 root 4u IPv4 420 UDP *:ntp
xntpd 465 root 5u IPv4 421 UDP d94s117.subd.company.com:ntp
xntpd 465 root 6u IPv4 422 UDP rl1.subd.company.com:ntp
I'm curious about the 3rd entry. That is in theory a machine inside the
company but it doesn't answer pings and I can't figure out why it'd be
talking to this machine on the ntp protocol. This machine isn't an
ntp server and that 3rd entry is dhcp so it's not a server either.
I'm nmaping the box now.
Thoughts?
:wq!
---------------------------------------------------------------------------
Robert L. Harris | Micros~1 :
Senior System Engineer | For when quality, reliability
at RnD Consulting | and security just aren't
\_ that important!
DISCLAIMER:
These are MY OPINIONS ALONE. I speak for no-one else.
FYI:
perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
More information about the Ale
mailing list