Mailinglist Archive: opensuse-security (343 mails)

< Previous Next >
netstat shows a lot of connections that seem to be strange
  • From: Jörg Reiners <j.reiners@xxxxxx>
  • Date: Tue, 24 Jul 2001 11:37:13 +0200
  • Message-id: <3B5D41C9.E0D36A70@xxxxxx>


I have set up a DNS, WWW, FTP and E-Mail server using Suse Linux 6.2. The
machine is also used as PROXY for my clients to connect to the internet.

Now I recognized with the help of the netstat command that there are
a lot of connections to the internet that seem to be strange. Special
IP adresses or URL concerning spam of xxx stuff are somehow connected
to my server. As far as I can tell from the netstat output these IPs
connect to the www port or use a few other port numbers at the same time.

So I guess my system is insecure and someone has a backdoor to my server.
Can anyone tell me how to recognize intrusions using Linux commands ?
And how can I stop the abuse of my system. I am not so familiar with
Linux and was happy to have set up a system which can do all internet
related stuff my company needs. But now it seems to become a problem.

Joerg Reiners

< Previous Next >
This Thread
Follow Ups