Anything to worry about?

Author: Jim
Date:  
To: plug-discuss
Old-Topics: Re: OT Bagle virus - was Re: Hi
New-Topics: iptables
Subject: Anything to worry about?
I noticed my linux box seemed a bit slow today so I looked around and
found the following when I ran ps -fu root.

UID        PID  PPID  C STIME TTY          TIME CMD
root         1     0  2 02:51 ?        00:00:04 init
root         2     1  0 02:51 ?        00:00:00 [keventd]
root         3     1  0 02:51 ?        00:00:00 [ksoftirqd_CPU0]
root         4     1  0 02:51 ?        00:00:00 [kswapd]
root         5     1  0 02:51 ?        00:00:00 [bdflush]
root         6     1  0 02:51 ?        00:00:00 [kupdated]
root        10     1  0 02:52 ?        00:00:00 [mdrecoveryd]
root        11     1  0 02:52 ?        00:00:00 [kjournald]
root        26     1  0 02:52 ?        00:00:00 [loop0]
root       161     1  0 02:52 ?        00:00:00 [eth0]
root       214     1  0 02:52 ?        00:00:00 [khubd]
root       741     1  0 02:52 ?        00:00:00 /usr/sbin/syslogd
root       744     1  0 02:52 ?        00:00:00 /usr/sbin/klogd -c 3 -x
root       747     1  0 02:52 ?        00:00:00 /usr/sbin/inetd
root       750     1  1 02:52 ?        00:00:01 /usr/sbin/sshd
root       760     1  0 02:52 ?        00:00:00 /usr/sbin/crond -l10
root       763     1  0 02:52 ?        00:00:00 sendmail: accepting connections
root       773     1  0 02:52 ?        00:00:00 /usr/sbin/httpd
root       775     1  0 02:52 ?        00:00:00 /usr/sbin/gpm -m /dev/mouse -t i
root       778     1  0 02:52 ?        00:00:00 [eth1]
root       802     1  0 02:52 ?        00:00:00 smbd
root       804     1  0 02:52 ?        00:00:00 nmbd
root       805   804  0 02:52 ?        00:00:00 nmbd
root       808     1  0 02:52 tty2     00:00:00 /sbin/agetty 38400 tty2 linux
root       809     1  0 02:52 tty3     00:00:00 /sbin/agetty 38400 tty3 linux
root       810     1  0 02:52 tty4     00:00:00 /sbin/agetty 38400 tty4 linux
root       811     1  0 02:52 tty5     00:00:00 /sbin/agetty 38400 tty5 linux
root       812     1  0 02:52 tty6     00:00:00 /sbin/agetty 38400 tty6 linux
root       813   802  0 02:53 ?        00:00:00 smbd


I ran ftpwho and it showed only one ftp login. I then ran netwatch and it
showed two connections from different IP addresses. I then ran tcpdump
and it showed the following, which got my attention.


03:14:36.904761 216-19-216-108.getnet.net.1041 > dsl-082-082-166-008.arcor-ip.net.3352: . 40961:42373(1412) ack 0 win 5840 (DF)

03:14:47.336196 216-19-216-108.getnet.net.1040 > dialin-212-144-039-232.arcor-ip.net.blackjack: P 105985:106497(512) ack 0 win 5840 (DF)

What is this blackjack? Will someone please let me know what kind of
threat this is if any? If it is a threat, what do I do about it?

Thanks

Jim
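For anyone triaging lines like the two above: the legacy tcpdump format prints a port by its /etc/services name when one exists, so "blackjack" is a port name, not a program. The script below is an added example, not part of Jim's post or any tool he ran; it parses that line format, resolves the port name with a small table copied from /etc/services (blackjack is the IANA-registered name for 1025/tcp), tallies payload bytes per flow, and marks which side of each flow is the local host. The two sample lines are constructed copies of the ones in the post, and the local hostname is assumed from them.

```python
import re
from collections import defaultdict

# Old tcpdump TCP line: "HH:MM:SS.us src.port > dst.port: FLAGS seq:seq(len) ack N win W (DF)"
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<src>\S+)\.(?P<sport>[\w-]+)\s+>\s+"
    r"(?P<dst>\S+)\.(?P<dport>[\w-]+):\s+"
    r"(?P<flags>[.SFRPWEU]+)\s+(?P<seq0>\d+):(?P<seq1>\d+)\((?P<len>\d+)\)"
)

# Subset of /etc/services; tcpdump substitutes these names for port numbers.
SERVICES = {"ssh": 22, "smtp": 25, "http": 80, "blackjack": 1025}

# Constructed sample input: copies of the two lines quoted in the post.
SAMPLE = [
    "03:14:36.904761 216-19-216-108.getnet.net.1041 > dsl-082-082-166-008.arcor-ip.net.3352: . 40961:42373(1412) ack 0 win 5840 (DF)",
    "03:14:47.336196 216-19-216-108.getnet.net.1040 > dialin-212-144-039-232.arcor-ip.net.blackjack: P 105985:106497(512) ack 0 win 5840 (DF)",
]
LOCAL_HOST = "216-19-216-108.getnet.net"  # assumed: the host tcpdump was run on

def port_number(token):
    """Numeric port, or the number behind a /etc/services name."""
    if token.isdigit():
        return int(token)
    if token in SERVICES:
        return SERVICES[token]
    raise ValueError(f"unknown service name: {token}")

def parse_line(line):
    """Return the flow tuple and payload length for one tcpdump line, or None."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    flow = (m["src"], port_number(m["sport"]), m["dst"], port_number(m["dport"]))
    return flow, int(m["len"])

def summarize(lines, local_host):
    """Per flow: payload bytes seen and whether the local host is the sender."""
    totals = defaultdict(int)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # non-TCP or unparseable line; skip rather than guess
        flow, length = parsed
        totals[flow] += length
    # A flow whose source is the local host is data leaving this machine.
    return {flow: {"bytes": n, "outbound": flow[0] == local_host}
            for flow, n in totals.items()}
```

Running summarize(SAMPLE, LOCAL_HOST) shows both flows as outbound from the local box, 1412 bytes to port 3352 and 512 bytes to port 1025 (blackjack), which is the starting point for asking which local process owns those sockets.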
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss