Date:      Fri, 23 Sep 2005 17:21:04 +0200
From:      "Alex" <alex.voicu@bredband.net>
To:        <freebsd-questions@freebsd.org>
Subject:   tcp connections not showing up anymore on netstat?
Message-ID:  <000001c5c052$69d6c020$640010ac@neo>

Hello list,

I've got a rather strange problem. Yesterday, when I rebooted my box I
was still able to ping the box, but no services started (apache, ssh,
etc.), nor did they show up on netstat. So I rebooted it again; now I
could connect to the box on port 80 (httpd) and port 22 (ssh) but
netstat still won't show tcp.

I'm beginning to think I got hacked because NOTHING was changed in the
configuration. And if I have, is there any way I can see which bins
were rootkitted?

Anyways, here is the relevant info, I'd appreciate some help:

-bash-2.05b# dmesg -a
Copyright (c) 1992-2005 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD 5.4-STABLE #1: Fri Sep  2 19:31:58 CEST 2005
    root@dracula.darksniper.net:/usr/obj/usr/src/sys/DRACULA
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Pentium II/Pentium II Xeon/Celeron (350.80-MHz 686-class CPU)
  Origin = "GenuineIntel"  Id = 0x651  Stepping = 1
 
  Features=0x183f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR>
real memory  = 201261056 (191 MB)
avail memory = 187076608 (178 MB)
pnpbios: Bad PnP BIOS data checksum
ACPI disabled by blacklist.  Contact your BIOS vendor.

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
Flushed all rules.
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
Firewall rules loaded, starting divert daemons:
.
net.inet.ip.fw.enable:
1
 ->
1

Starting dhclient.
Starting syslogd.
Sep 23 17:21:27 dracula syslogd: kernel boot file is /boot/kernel/kernel
ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/X11R6/lib /usr/local/lib
a.out ldconfig path: /usr/lib/aout /usr/lib/compat/aout /usr/X11R6/lib/aout /etc/ld.so.conf
Starting usbd.
apm:
can't open /dev/apm
:
No such file or directory
Starting local daemons:
Starting up Apache:
 httpd started
Starting up idled:
ddclient:
Starting up MySQL:
050923 17:21:37
  InnoDB: Started; log sequence number 0 122655417
/usr/local/libexec/mysqld: ready for connections.
Version: '4.1.11'  socket: '/tmp/mysql.sock'  port: 0  Source distribution



-bash-2.05b# netstat -a
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
udp4       0      0  *.snmp                 *.*
udp4       0      0  *.syslog               *.*
udp4       0      0  *.bootpc               *.*
Active UNIX domain sockets
Address  Type   Recv-Q Send-Q    Inode     Conn     Refs  Nextref Addr
c15e908c stream      0      0 c1790528        0        0        0 /tmp/mysql.sock
c15e91a4 stream      0      0 c15ecb58        0        0        0 /var/run/devd.pipe
c15e9230 dgram       0      0        0 c15e9118        0 c15e9000
c15e9000 dgram       0      0        0 c15e9118        0        0
c15e9118 dgram       0      0 c15ec210        0 c15e9230        0 /var/run/log



