[lug] Netstat (newbie)
nate at natetech.com
Wed Aug 2 11:47:25 MDT 2000
On Tue, Aug 01, 2000 at 04:55:46PM -0600, Michael Deck wrote:
> >Actually, it is pretty easy to turn off all the services with most
> >distributions. A firewall doesn't need sendmail, etc. and they should be
> >disabled. If you do a "netstat -an" and don't see any listeners, there almost
> >no chance of a remote exploit. (I can't remember the last time there was a
> >remote exploit in the kernel itself.)
> Every once in a while, following these flame-wars teaches me something. I went right in and did a netstat -an and there is a listener whose IP address I don't recognize. What does this mean? There are several relevant entries:
> bash$ netstat -an
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address Foreign Address State
> tcp 0 0 172.16.101.1:139 0.0.0.0:* LISTEN
> udp 0 0 172.16.101.1:138 0.0.0.0:*
> udp 0 0 172.16.101.1:137 0.0.0.0:*
> Any thoughts?
Looks like Samba.
Nate Duehr <nate at natetech.com>
GPG Key fingerprint = DCAF 2B9D CC9B 96FA 7A6D AAF4 2D61 77C5 7ECE C1D2
Public Key available upon request, or at wwwkeys.pgp.net and others.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 232 bytes
Desc: not available
More information about the LUG