I want to unsubscribe ! thanks ----- Original Message ----- From: "Jonas Lindborg" <jools@xxxxxxxxx> To: <netfilter@xxxxxxxxxxxxxxxxxxx> Sent: Saturday, August 30, 2003 2:37 PM Subject: ip_conntrack vs netstat > Hello, > > When comparing the output of /proc/net/ip_conntrack with the "netstat" > command, I'm seeing a few established connections in ip_conntrack that are > not presented by netstat. > > These are familiar connections (ssh, imap) to known hosts that could very > well have been done by me but not in the last 24 hrs so they should have > timed out a long time ago. > > "ps" shows no such processes running so this immediately raises the > suspicion that the machine could be compromised and connections are hidden > from netstat and ps. > But if this was the case there should be some connections to unknown hosts > showing in ip_conntrack as well so I should be able to rule out that > possibility (?). > > Now for my question: > Can anyone confirm that ip_conntrack can show "ghost" connections like > these? >
