Port 80?

cameron lord trieocorp-PkbjNfxxIARBDgjK7y7TUQ at public.gmane.org
Tue Jun 23 21:41:07 UTC 2009


I already did, it still says apache, i hoked up my winxp laptop (sucks) to my swiches listen port, i have an intrusion problem o.O i found that when i run Wireshark i see TONNNS of data comming from my networked storage unit to, 99.243.63.182(AXCellsecure.trieocorp.e6a2ffi6ad.xxx.xxx.xxx.xxx) which is fine, its my isp assinged ip adderss, but when i look at the same addr on the computer it was given to , i have no traffic, and the data only flows when the the computer at my location is off. Also when i listen on my Firebox watchgaurd i see no traffic except for pings and dchp ack, and my vnc server, someone is bypassing one of the most advanced hardware firewalls ever! The data i found comming out of my cable modem is all going to 125.16.27.50,and then is being served to xxx.xxx.xxx.xxx, whichisnt very helpfull at all. so far theyve downloaded 2.5 TB of my data and i cant stop them, i need to have my server online at all times!

 

 

cameron lord; Axcellsecure

 
> Date: Mon, 22 Jun 2009 20:49:22 -0400
> From: robert-5LEc/6Zm6xCUd8a0hrldnti2O/JbrIOy at public.gmane.org
> To: tlug-lxSQFCZeNF4 at public.gmane.org
> Subject: Re: [TLUG]: Port 80?
> 
> On Mon, 22 Jun 2009, cameron lord wrote:
> 
> >
> > I have a problem, i run Mepis Light on a laptop of mine in a network, 
> > and i cant get any internet anymore on it, it says my laptop is already 
> > using Port 80 for apache, but i dont have apache installed. All my other 
> > systems based on Debain have now done this too, and i cant just re-image 
> > them! help??
> 
> Hi Cameron. Run netstat -tanp | grep LISTEN as root and look to see what 
> process has port 80 open. You can then locate the relevant startup script 
> and shut it down.
> 
> You may wish to run rkhunter as "mysterious" open ports *can* be 
> indicative of an intrusion but more often there is a mundane explanation.
> 
> Cheers,
> 
> Rob
> 
> -- 
> I tried to change the world but they had a no-return policy
> --
> The Toronto Linux Users Group. Meetings: http://gtalug.org/
> TLUG requests: Linux topics, No HTML, wrap text below 80 columns
> How to UNSUBSCRIBE: http://gtalug.org/wiki/Mailing_lists

_________________________________________________________________
Attention all humans. We are your photos. Free us.
http://go.microsoft.com/?linkid=9666046
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://gtalug.org/pipermail/legacy/attachments/20090623/f40cb156/attachment.html>


More information about the Legacy mailing list