netstat results

AndyII

Sorry to be of any trouble, but the man I have to do the server work has been out of town working, so I have had to "jump" into root and do my best to learn and monitor.
Here is the situation: on one of the servers was an account that no longer exists, but using netstat I observed this:
tcp 0 1 old_account.com:36387 irc.dal.net:ircd SYN_SENT
and also to the IP that it was assigned to. I'm assuming they were hacked in some way for an IRC connection. Now how do I rid the server of this pest?
I have KISS installed as of yesterday, but don't know if it has helped or not...
Andy
 
Could be an IRC bot exploit trying to talk to the outside world. Try blocking the outgoing 6667 port. That did the trick for us once. Then begin your search for the offending script. Make sure your /tmp and /var/tmp directories are not executable. Remove old users that don't need to be on the machine anymore. I call all of this good housekeeping.

BigWil
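
The checks from the reply above as shell functions, added here as an example and not posted by either participant: one flags outbound IRC sockets in netstat output, the other reports whether /tmp and /var/tmp are mounted noexec. The function names are hypothetical, the sample input is constructed (apart from the netstat line quoted in the question), and iptables is assumed to be the host firewall.

```shell
#!/bin/sh
# Constructed sample data; the last netstat line is the one quoted in the thread.
SAMPLE_NETSTAT='tcp 0 0 192.0.2.10:22 198.51.100.7:51514 ESTABLISHED
tcp 0 1 192.0.2.10:36387 198.51.100.20:6667 SYN_SENT
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 1 old_account.com:36387 irc.dal.net:ircd SYN_SENT'
SAMPLE_MOUNTS='/dev/sda1 / ext3 rw 0 0
/dev/sda3 /tmp ext3 rw,nosuid,noexec 0 0'

# irc_conns: read netstat output on stdin and print the TCP sockets whose
# REMOTE port is IRC (6667, or "ircd" when netstat resolves service names).
irc_conns() {
    awk '$1 ~ /^tcp/ {
        n = split($5, r, ":"); port = r[n]       # last piece, so IPv6 works too
        if (port == "6667" || port == "ircd") {
            line = $4 " -> " $5 " " $6
            if (NF >= 7) line = line " " $7      # PID/program when -p was used
            print line
        }
    }'
}

# exec_tmp_dirs: read /proc/mounts-format lines on stdin and print each of
# /tmp and /var/tmp that is NOT a mount point carrying the noexec option.
exec_tmp_dirs() {
    awk 'BEGIN { need["/tmp"] = 1; need["/var/tmp"] = 1 }
         ($2 in need) && $4 ~ /(^|,)noexec(,|$)/ { ok[$2] = 1 }
         END { for (d in need) if (!(d in ok)) print d }' | sort
}

# Demo on the constructed samples. On a live host (as root) feed real data:
#   netstat -tanp | irc_conns        # -p adds the owning PID/program
#   exec_tmp_dirs < /proc/mounts
# Stop-gap egress block from the reply, assuming iptables is the firewall:
#   iptables -A OUTPUT -p tcp --dport 6667 -j REJECT
printf '%s\n' "$SAMPLE_NETSTAT" | irc_conns
printf '%s\n' "$SAMPLE_MOUNTS" | exec_tmp_dirs
```

The port rule only covers 6667, so the PID/program column from netstat -p is what leads to the process and script that still have to be removed.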
 