[lug] Netstat (newbie)
Michael Deck
deckm at cleansoft.com
Tue Aug 1 16:55:46 MDT 2000
At 03:42 PM 8/1/00 -0700, Jeffrey B. Siegal wrote (in another context):
>Actually, it is pretty easy to turn off all the services with most
>distributions. A firewall doesn't need sendmail, etc. and they should be
>disabled. If you do a "netstat -an" and don't see any listeners, there almost
>no chance of a remote exploit. (I can't remember the last time there was a
>remote exploit in the kernel itself.)
Every once in a while, following these flame-wars teaches me something. I went right in and did a netstat -an and there is a listener whose IP address I don't recognize. What does this mean? There are several relevant entries:
bash$ netstat -an
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 172.16.101.1:139 0.0.0.0:* LISTEN
udp 0 0 172.16.101.1:138 0.0.0.0:*
udp 0 0 172.16.101.1:137 0.0.0.0:*
Any thoughts?
-Mike
Michael Deck
Cleanroom Software Engineering, Inc.
More information about the LUG
mailing list