Problema en el server

Imagen de BitFrost


Aquí, regresando al server después de un tiempo (14 días exactos), me encuentro con esto:
[root@servidor rc.d]# netstat -tapun
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 8175/(squid)
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 2636/perl
tcp 0 0 127.0.0.1:5335 0.0.0.0:* LISTEN 2341/mDNSResponder
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 5884/sendmail: acce
tcp 0 0 200.55.229.194:25 200.55.226.34:1412 ESTABLISHED 26749/sendmail: ser
tcp 0 0 200.55.229.194:34404 65.68.120.204:6860 ESTABLISHED 20479/
tcp 0 0 :::80 :::* LISTEN 4331/httpd
tcp 0 0 :::22 :::* LISTEN 2374/sshd
tcp 0 0 :::443 :::* LISTEN 4331/httpd
tcp 0 1188 ::ffff:200.55.229.194:22 ::ffff:200.55.226.34:1371 ESTABLISHED 26700/2
udp 0 0 0.0.0.0:10000 0.0.0.0:* 2636/perl
udp 0 0 0.0.0.0:32817 0.0.0.0:* 8175/(squid)
udp 0 0 0.0.0.0:3130 0.0.0.0:* 8175/(squid)
udp 0 0 0.0.0.0:5353 0.0.0.0:* 2341/mDNSResponder
udp 0 0 0.0.0.0:5353 0.0.0.0:* 2341/mDNSResponder
[root@servidor rc.d]# ps -A
PID TTY TIME CMD
1 ? 00:00:00 init
2 ? 00:00:00 ksoftirqd/0
3 ? 00:00:00 events/0
4 ? 00:00:00 khelper
5 ? 00:00:00 kacpid
24 ? 00:00:00 kblockd/0
34 ? 00:00:00 pdflush
37 ? 00:00:00 aio/0
25 ? 00:00:00 khubd
36 ? 00:00:01 kswapd0
110 ? 00:00:00 kseriod
184 ? 00:00:00 ata/0
186 ? 00:00:00 scsi_eh_0
187 ? 00:00:00 scsi_eh_1
193 ? 00:00:01 kjournald
1120 ? 00:00:00 udevd
1837 ? 00:00:00 kjournald
1838 ? 00:00:00 kjournald
2251 ? 00:00:02 syslogd
2255 ? 00:00:01 klogd
2311 ? 00:00:00 nifd
2341 ? 00:00:00 mDNSResponder
2354 ? 00:00:00 smartd
2364 ? 00:00:00 acpid
2374 ? 00:00:00 sshd
2385 ? 00:00:00 xinetd
2425 ? 00:00:00 gpm
2435 ? 00:00:00 crond
2449 ? 00:00:00 squid
2479 ? 00:00:00 xfs
2504 ? 00:00:00 atd
2523 ? 00:00:00 dbus-daemon-1
2533 ? 00:00:00 cups-config-dae
2544 ? 00:05:38 hald
2564 ? 00:00:00 mdmpd
2636 ? 00:00:00 miniserv.pl
2643 tty1 00:00:00 mingetty
2656 tty2 00:00:00 mingetty
2710 tty3 00:00:00 mingetty
2785 tty4 00:00:00 mingetty
2804 tty5 00:00:00 mingetty
2817 tty6 00:00:00 mingetty
2830 ? 00:00:00 gdm-binary
3123 ? 00:00:00 gdm-binary
3152 ? 00:00:05 X
3307 ? 00:00:00 gnome-session
3332 ? 00:00:00 ssh-agent
3365 ? 00:00:00 dbus-launch
3366 ? 00:00:00 dbus-daemon-1
3370 ? 00:00:00 gconfd-2
3373 ? 00:00:00 gnome-keyring-d
3375 ? 00:00:00 bonobo-activati
3377 ? 00:00:00 gnome-settings-
3383 ? 00:00:00 gam_server
3415 ? 00:00:00 metacity
3419 ? 00:00:00 gnome-panel
3421 ? 00:00:00 nautilus
3423 ? 00:00:00 gnome-volume-ma
3425 ? 00:00:00 eggcups
3427 ? 00:00:00 pam-panel-icon
3430 ? 00:00:00 pam_timestamp_c
3435 ? 00:00:00 gnome-vfs-daemo
3440 ? 00:00:00 wnck-applet
3445 ? 00:00:00 mapping-daemon
3447 ? 00:00:00 mixer_applet2
3449 ? 00:00:00 clock-applet
3451 ? 00:00:00 notification-ar
3453 ? 00:00:01 gnome-terminal
3454 ? 00:00:00 gnome-pty-helpe
3455 pts/1 00:00:00 bash
8175 ? 00:03:39 squid
8176 ? 00:00:00 unlinkd
4331 ? 00:00:01 httpd
5553 ? 00:00:00 pdflush
5884 ? 00:00:00 sendmail
5893 ? 00:00:00 sendmail
20477 ? 00:00:00 sh
20479 ? 00:00:00 sh
20421 ? 00:00:00 httpd
20422 ? 00:00:00 httpd
20423 ? 00:00:00 httpd
20424 ? 00:00:00 httpd
20425 ? 00:00:00 httpd
20426 ? 00:00:00 httpd
20427 ? 00:00:00 httpd
20428 ? 00:00:00 httpd
24809 ? 00:00:00 httpd
24810 ? 00:00:00 httpd
26700 ? 00:00:00 sshd
26702 pts/2 00:00:00 bash
26749 ? 00:00:00 sendmail
26988 pts/2 00:00:00 ps
[root@servidor rc.d]#

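65.68.120.204, ¿quién eres y qué haces? Esa conexión saliente (puerto remoto 6860) pertenece al PID 20479, que en el ps de arriba aparece como un sh sin terminal asociada.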

Por las dudas

[root@servidor rc.d]# netstat -tapun
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 8175/(squid)
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 2636/perl
tcp 0 0 127.0.0.1:5335 0.0.0.0:* LISTEN 2341/mDNSResponder
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 5884/sendmail: acce
tcp 0 0 200.55.229.194:25 200.55.226.34:1412 ESTABLISHED 26749/sendmail: ser
tcp 0 0 200.55.229.194:34404 65.68.120.204:6860 ESTABLISHED 20479/
tcp 0 0 :::80 :::* LISTEN 4331/httpd
tcp 0 0 :::22 :::* LISTEN 2374/sshd
tcp 0 0 :::443 :::* LISTEN 4331/httpd
tcp 0 1188 ::ffff:200.55.229.194:22 ::ffff:200.55.226.34:1371 ESTABLISHED 26700/2
udp 0 0 0.0.0.0:10000 0.0.0.0:* 2636/perl
udp 0 0 0.0.0.0:32817 0.0.0.0:* 8175/(squid)
udp 0 0 0.0.0.0:3130 0.0.0.0:* 8175/(squid)
udp 0 0 0.0.0.0:5353 0.0.0.0:* 2341/mDNSResponder
udp 0 0 0.0.0.0:5353 0.0.0.0:* 2341/mDNSResponder
[root@servidor rc.d]# kill 20479
[root@servidor rc.d]# netstat -tapun
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 8175/(squid)
tcp 0 0 0.0.0.0:10000 0.0.0.0:* LISTEN 2636/perl
tcp 0 0 127.0.0.1:5335 0.0.0.0:* LISTEN 2341/mDNSResponder
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 5884/sendmail: acce
tcp 0 0 200.55.229.194:25 200.55.226.34:1412 ESTABLISHED 26749/sendmail: ser
tcp 0 0 200.55.229.194:34404 65.68.120.204:6860 TIME_WAIT -
tcp 0 0 :::80 :::* LISTEN 4331/httpd
tcp 0 0 :::22 :::* LISTEN 2374/sshd
tcp 0 0 :::443 :::* LISTEN 4331/httpd
tcp 0 1188 ::ffff:200.55.229.194:22 ::ffff:200.55.226.34:1371 ESTABLISHED 26700/2
udp 0 0 0.0.0.0:10000 0.0.0.0:* 2636/perl
udp 0 0 0.0.0.0:32817 0.0.0.0:* 8175/(squid)
udp 0 0 0.0.0.0:3130 0.0.0.0:* 8175/(squid)
udp 0 0 0.0.0.0:5353 0.0.0.0:* 2341/mDNSResponder
udp 0 0 0.0.0.0:5353 0.0.0.0:* 2341/mDNSResponder
[root@servidor rc.d]#

Hazle un traceroute: HOS

Imagen de RazaMetaL

Hazle un traceroute:


HOST LOSS RCVD SENT BEST AVG WORST
ge2-8-1000m.sw1.easynews.com 0% 10 10 0.42 9.06 81.76
ae0-4000m-core-02.phx1.puregig.net 0% 10 10 0.48 1.94 11.34
ge0-0-0-51.jr1.phx1.llnw.net 0% 10 10 0.92 2.33 13.14
so7-5-0.jr1.lax.llnw.net 0% 10 10 10.91 11.87 18.44
ex2-g1-0-0.eqlaca.sbcglobal.net 0% 10 10 11.29 30.00 162.99
ex1-p2-0.eqlaca.sbcglobal.net 0% 10 10 11.09 11.35 12.00
bb1-p6-0.cranca.sbcglobal.net 0% 10 10 12.01 54.49 160.67
core1-p9-0.cranca.sbcglobal.net 0% 10 10 12.30 13.44 19.20
core2-p8-0.cranca.sbcglobal.net 0% 10 10 12.26 13.97 21.38
core2-p4-0.crskut.sbcglobal.net 0% 10 10 25.47 66.13 133.25
core1-p1-0.crskut.sbcglobal.net 0% 10 10 25.48 26.68 34.67
core1-p2-0.crdnco.sbcglobal.net 0% 10 10 34.94 110.18 292.11
core1-p3-0.crkcmo.sbcglobal.net 0% 10 10 60.88 72.98 130.83
bb1-p5-1.ksc2mo.sbcglobal.net 0% 10 10 61.29 89.78 178.46
bb2-p15-0.ksc2mo.sbcglobal.net 0% 10 10 61.11 73.17 119.74
bb2-p3-0.okcyok.sbcglobal.net 0% 10 10 67.72 73.09 117.93
dist1-vlan30.okcyok.sbcglobal.net 0% 10 10 67.48 70.61 89.74
rback2-fa2-0.okcyok.sbcglobal.net 0% 10 10 67.66 70.46 77.48
adsl-65-68-120-204.dsl.okcyok.swbell.net 10% 9 10 73.13 74.19 76.19

--------------------------
Antes de preguntar visita: [url]http://www.sindominio.net/ayuda/preguntas-inteligentes.html[/url]




[img]http://www.bbspot.com/Images/News_Features/2003/01/os_quiz/debian.jpg[/img]

-----

Visita este [url=http://www.sindominio.net/ayuda/preguntas-inteligentes.html]link[/url] :evil:

[img]http://www.bbspot.com/Images/News_Features/2003/01/os_quiz/debian.jpg[/img]


www.rootkit.nl baja y ejecuta

Imagen de Epe

Baja de www.rootkit.nl y ejecuta este rootkit hunter; creo que, si alguien anda metido, tienes un problema un poquito grave.

saludos desde cuba
epe

--
http://www.ecualinux.com

Saludos
epe

EcuaLinux.com

+(593) 9 9924 6504

Servicios en Software Libre