On 15.03.2013 14:03, Mateusz Marzantowicz wrote:
> On 15.03.2013 11:09, Georgios Petasis wrote:
>> On 15/3/2013 11:57 AM, Ed Greshko wrote:
>>> On 03/15/13 17:46, Ed Greshko wrote:
>>>> Is the destination IP address a single IP address or are there others?
>>>>
>>>> Is your system running a DNS server? If you are running one, is it supposed to be servicing requests from the
>>>> Internet? If it is supposed to be taking requests from the Internet, have you made sure to configure such that
>>>> recursion is disabled?
>>> Never mind....
>>>
>>> In re-reading the original message I see the "source port" is 35442. I'm pretty sure recursion from a DNS
>>> server would show 53 as the source port.
>>>
>>>
>> I have used nslookup with the local machine as server, and I was not able to resolve anything.
>> Also, the dnsmasq configuration is empty. I think I am not running a DNS server...
>>
> Sorry, but can't you just type netstat -aptul as root to see what connections are active?
> Status of services can be checked using the systemctl tool:
> systemctl status named.service

You can - but after an intrusion you cannot trust any output of system tools, because you are not in a position to say 100% whether the first intrusion did not use a local root exploit after its first run and modify your system in a way that makes rootkits hard to detect.