Date: Fri, 23 Sep 2005 17:21:04 +0200
From: "Alex" <alex.voicu@bredband.net>
To: <freebsd-questions@freebsd.org>
Subject: tcp connections not showing up anymore on netstat?
Message-ID: <000001c5c052$69d6c020$640010ac@neo>
Hello list,

I've got a rather strange problem. Yesterday, when I rebooted my box I was still able to ping the box, but no services started (apache, ssh etc), nor did they show up on netstat. So I rebooted it again, now I could connect to the box on port 80 (httpd) and port 22 (ssh) but netstat still won't show tcp.

I'm beginning to think I got hacked because NOTHING was changed in the configuration. And if I have, is there any way I can see which bins were rootkitted?

Anyways, here is the relevant info, I'd appreciate some help:

-bash-2.05b# dmesg -a
Copyright (c) 1992-2005 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
        The Regents of the University of California. All rights reserved.
FreeBSD 5.4-STABLE #1: Fri Sep 2 19:31:58 CEST 2005
    root@dracula.darksniper.net:/usr/obj/usr/src/sys/DRACULA
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Pentium II/Pentium II Xeon/Celeron (350.80-MHz 686-class CPU)
  Origin = "GenuineIntel" Id = 0x651 Stepping = 1
  Features=0x183f9ff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR>
real memory = 201261056 (191 MB)
avail memory = 187076608 (178 MB)
pnpbios: Bad PnP BIOS data checksum
ACPI disabled by blacklist. Contact your BIOS vendor.
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
Flushed all rules.
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65000 allow ip from any to any
Firewall rules loaded, starting divert daemons: .
net.inet.ip.fw.enable: 1 -> 1
Starting dhclient.
Starting syslogd.
Sep 23 17:21:27 dracula syslogd: kernel boot file is /boot/kernel/kernel
ELF ldconfig path: /lib /usr/lib /usr/lib/compat /usr/X11R6/lib /usr/local/lib
a.out ldconfig path: /usr/lib/aout /usr/lib/compat/aout /usr/X11R6/lib/aout /etc /ld.so.conf
Starting usbd.
apm: can't open /dev/apm : No such file or directory
Starting local daemons:
Starting up Apache: httpd started
Starting up idled: ddclient: Starting up MySQL:
050923 17:21:37 InnoDB: Started; log sequence number 0 122655417
/usr/local/libexec/mysqld: ready for connections.
Version: '4.1.11' socket: '/tmp/mysql.sock' port: 0 Source distribution

-bash-2.05b# netstat -a
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
udp4       0      0  *.snmp                 *.*
udp4       0      0  *.syslog               *.*
udp4       0      0  *.bootpc               *.*
Active UNIX domain sockets
Address  Type   Recv-Q Send-Q    Inode     Conn     Refs  Nextref Addr
c15e908c stream      0      0 c1790528        0        0        0 /tmp/mysql.sock
c15e91a4 stream      0      0 c15ecb58        0        0        0 /var/run/devd.pipe
c15e9230 dgram       0      0        0 c15e9118        0 c15e9000
c15e9000 dgram       0      0        0 c15e9118        0        0
c15e9118 dgram       0      0 c15ec210        0 c15e9230        0 /var/run/log