Quote:
Shame you managed to read or reply to only half of my questions.
I am really ashamed that I have "managed to read or reply to only half of your questions". I apologize to you if I have wasted your time and the time of those who might be reading this post. Actually, being a basic level user, I couldn't understand those parts of your questions to which I have not replied.
If I look back at your question and at my reply, then I find that the questions were:
Quote:
Originally Posted by unSpawn
How does this manifest itself then?
Or what hunches do you have?
Or what "seems wrong"?
What (publicly) accessible services does this server provide?
Is all software updated when updates are available?
Is the server hardened?
Is the server audited in any way?
Do the system and daemon logs or login records show any "weird" activity?
My reply to the part of your question that I could understand was:
'How does this manifest itself then?
Or what hunches do you have?
Or what "seems wrong"? '
My answer to this (what "seems wrong"?) was "No I have not noticed any weird activity yet. I noticed the downloading because I observed Kwmnet, which showed a downloading going on. I checked Netstat also and found one particular IP, which I thought the odd one out. I have marked that IP and I will keep on looking for it. Since then nothing weird has happened." I presumed the above question as one because you used "or".
I failed to understand the following part and thus couldn't reply:
a) "What (publicly) accessible services does this server provide?"
b) "Is the server hardened? Is the server audited in any way?"
c) "Is the server audited in any way?"
I tried to reply to the following part of your question.
a) "Is all software updated when updates are available?"
b) "Do the system and daemon logs or login records show any "weird" activity?"
My reply was:
"No I have not noticed any weird activity yet. I noticed the downloading because I observed Kwmnet, which showed a downloading going on. I checked Netstat also and found one particular IP, which I thought the odd one out. I have marked that IP and I will keep on looking for it. Since then nothing weird has happened.
Regarding the updates, I still have not installed all the updates.
From the Netstat output I could not gather what was being downloaded and what the file is."
Maybe I made a mistake in assuming that you would understand why I am not replying to some of your questions. I hope I have explained my position.
Coming back to my original question on what's being downloaded I think "iptraf" is good, which coolb has also replied as "iptraf works". It would be great for me if you can comment more on "iptraf".
I would finish off by asking you a simple question:
Do you feel you have correctly used the word 'shame' in your reply? I think you could have asked the same question in the following manner :
"If you can answer all my questions that would certainly help in solving the problem".
Thank you.