LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 04-12-2004, 11:45 AM   #1
chongluo
Member
 
Registered: Mar 2004
Location: uk
Distribution: fedora2, slackware10
Posts: 54

Rep: Reputation: 15
feel like being hacked?????


hi,

i typed in netstat command, and the screen shows me the result like this

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 268 192.168.1.100:ssh cpc1-nott2-5-0-cus:1436 ESTABLISHED
tcp 0 0 192.168.1.100:http 12.119.251.194:15786 TIME_WAIT
tcp 0 0 192.168.1.100:http 12.119.251.194:16999 TIME_WAIT
tcp 0 0 192.168.1.100:http 12.119.251.194:21849 ESTABLISHED
tcp 0 83464 192.168.1.100:33008 hyper.physics.not:41930 ESTABLISHED
tcp 0 16616 192.168.1.100:http 12.119.251.194:19405 ESTABLISHED
tcp 0 0 192.168.1.100:33002 hyper.physics.nott:2121 ESTABLISHED

i'm not sure what "hyper.physics.not:41930" doing on my computer, have i been hacked? what is it doing on port 33008 and 33002, can anyone here please help me what it is???
 
Old 04-12-2004, 12:18 PM   #2
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 234Reputation: 234Reputation: 234
Got any apps that use the net open at this time? Doubt that your getting hacked though..
 
Old 04-12-2004, 12:58 PM   #3
chongluo
Member
 
Registered: Mar 2004
Location: uk
Distribution: fedora2, slackware10
Posts: 54

Original Poster
Rep: Reputation: 15
Quote:
Originally posted by trickykid
Got any apps that use the net open at this time? Doubt that your getting hacked though..
only vsftp, telnet, ssh, and apache running for network
so i don't know why
 
Old 04-12-2004, 01:29 PM   #4
peacebwitchu
Member
 
Registered: Apr 2004
Distribution: Debian
Posts: 185

Rep: Reputation: 30
Have you tried netstat -anp this should show you what is running on that port.
 
Old 04-12-2004, 02:37 PM   #5
chongluo
Member
 
Registered: Mar 2004
Location: uk
Distribution: fedora2, slackware10
Posts: 54

Original Poster
Rep: Reputation: 15
yeah, i tried that as well

does anyone know where is the log file which it keeps all the login details, i think i'd better check that file, see if there is any intruders
 
Old 04-12-2004, 02:41 PM   #6
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 234Reputation: 234Reputation: 234
Quote:
Originally posted by chongluo
yeah, i tried that as well

does anyone know where is the log file which it keeps all the login details, i think i'd better check that file, see if there is any intruders
/var/log/messages or you can use the command last to see log info.
 
Old 04-12-2004, 03:06 PM   #7
peacebwitchu
Member
 
Registered: Apr 2004
Distribution: Debian
Posts: 185

Rep: Reputation: 30
Then what was the ouput of "netstat -anp". Also "fuser -n tcp port#" will show you the pid that has this port open. It looks like you connected on port 2121 to them and then the other connection might be related. You can also run "tcpdump -i eth0 port port#" to watch the data flow or write it to a file so you can view it with ethereal. "tcpdump -i eth0 port port# -w file.out -s 1500"

Last edited by peacebwitchu; 04-12-2004 at 03:12 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
look and feel brickbat Linare 1 09-26-2004 12:39 AM
I feel human again ! bugsbunny General 9 04-16-2004 11:00 AM
I feel like I was hacked(doubt it) shanenin Linux - Security 10 04-06-2004 09:57 PM
I feel retarted spuppett Mandriva 3 04-03-2004 12:01 AM
I feel like a jerk asking this but.... lackluster General 4 08-28-2002 03:29 PM


All times are GMT -5. The time now is 11:03 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration