netstat shows a lot of connections that seem to be strange
Hi, I have set up a DNS, WWW, FTP and E-Mail server using Suse Linux 6.2. The machine is also used as PROXY for my clients to connect to the internet. Now I recognized with the help of the netstat command that there are a lot of connections to the internet that seem to be strange. Special IP adresses or URL concerning spam of xxx stuff are somehow connected to my server. As far as I can tell from the netstat output these IPs connect to the www port or use a few other port numbers at the same time. So I guess my system is insecure and someone has a backdoor to my server. Can anyone tell me how to recognize intrusions using Linux commands ? And how can I stop the abuse of my system. I am not so familiar with Linux and was happy to have set up a system which can do all internet related stuff my company needs. But now it seems to become a problem. Ciao, Joerg Reiners
Le Mardi 24 Juillet 2001 11:37, Jörg Reiners a écrit :
Hi,
I have set up a DNS, WWW, FTP and E-Mail server using Suse Linux 6.2. The machine is also used as PROXY for my clients to connect to the internet.
I'm new to security, but I think that a recent distro and a firewall are the minimum I use suse 7.2 and the "personnal firewall" is said to block any external connection, what is aexactly what I need. suffice to check the correct box in yast2 to have it. beware not to confuse with the Suse firewall, probably better, but much more difficult to understand. sincerely jdd -- <http://www.dodin.net> <mailto:jdanield@dodin.net> WHO'S THAT GUY ? Help me found it Russia & South america help needed http://www.dodin.net/serge/index.html
participants (2)
-
jdd -
Jörg Reiners