Mailinglist Archive: opensuse-security (520 mails)

< Previous Next >
Re: [suse-security] netstat-output
  • From: Stefan Suurmeijer <stefan@xxxxxxxxxxxx>
  • Date: Tue, 5 Dec 2000 17:28:06 +0100 (CET)
  • Message-id: <Pine.LNX.4.30.0012051716450.4533-100000@xxxxxxxxxxxxxxxxxxxx>
On Tue, 5 Dec 2000, Martin Geigl wrote:

> Hi all,
>
> had an attack attempt a few days ago via the kstatd, but it seemed to me
> it wasn't successfull. I did an netstat -p to check and got the
> following:
>
> (Not all processes could be identified, non-owned process info
> will not be shown, you would have to be root to see it all.)
>
> But I was root!
> My question now is, is this a standard comment of netstat or is there a
> "hidden" program running, which even root can't see (e.g. some trojan
> horse)?
>

AFAIK it just means what it says: netstat can't identify all running
processes. Maybe not the best choice of words, but no trojan causing it.
If you're afraid you've been hacked, check out CERT's checklist
(www.cert.org). It has a number of steps you can check. For instance
checking the md5sum of ps, ls etc.

> Thanks in Advance
> Martin
> --

Stefan



< Previous Next >
Follow Ups
References