Loading ...
Sorry, an error occurred while loading the content.
 

Re: [nslu2-general] Re: Network Activity

Expand Messages
  • Inge B. Arnesen
    Well - you might do: 1. Identify current TCP connections Run netstat -tn to list all TCP connection with IP and port numbers. If none seem suspicious (IPs
    Message 1 of 4 , Jul 25, 2006
      Well - you might do:

      1. Identify current TCP connections

      Run "netstat -tn" to list all TCP connection with IP and port numbers. If
      none seem suspicious (IPs ouside your range), it is unlikely that anyone
      are currently connected to your slug. This is you primary (and fastest)
      way of testing for suspicious activity (try without the "n" option to
      resolve names of IPs and ports).

      2. If you found suspicious connnections in (1), look for the application
      holding this connection. Install lsof (using ipkg or apt-get depending on
      OS) and run:

      lsof -n | grep TCP

      and

      lsof -n | grep UDP

      to see all applications, the connections they use and the ports they
      listen on. This will also let you look for unsanctioned services listening
      on TCP/UDP ports.

      And... even though it may not sound helpful: *don't worry too much* Life
      is stressful enough without making paranoia part of daily life.

      best,

      -- Inge
    Your message has been successfully submitted and would be delivered to recipients shortly.