From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1IYDZF-0007Yp-NL for garchives@archives.gentoo.org; Thu, 20 Sep 2007 04:23:10 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.14.0/8.14.0) with SMTP id l8K4E7Qh010651; Thu, 20 Sep 2007 04:14:07 GMT Received: from rwcrmhc11.comcast.net (rwcrmhc11.comcast.net [204.127.192.81]) by robin.gentoo.org (8.14.0/8.14.0) with ESMTP id l8K49rCd005866 for ; Thu, 20 Sep 2007 04:09:54 GMT Received: from spore.ath.cx ([24.245.14.14]) by comcast.net (rwcrmhc11) with ESMTP id <20070920040952m11003mjaje>; Thu, 20 Sep 2007 04:09:52 +0000 Received: from pascal.spore.ath.cx (pascal.spore.ath.cx [192.168.1.100]) by spore.ath.cx (Postfix) with ESMTP id 58B24275C0 for ; Wed, 19 Sep 2007 23:09:52 -0500 (CDT) Date: Wed, 19 Sep 2007 23:09:52 -0500 From: Dan Farrell To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Hacked by association? Message-ID: <20070919230952.0b8812c4@pascal.spore.ath.cx> In-Reply-To: <49bf44f10709191847i49917d8by150eb6416a720aa0@mail.gmail.com> References: <49bf44f10709191109x58494aa3n3182cea59553d510@mail.gmail.com> <20070919131853.5f817b31@pascal.spore.ath.cx> <49bf44f10709191136u7157bceet52b7b5b06ec9d6ac@mail.gmail.com> <200709192023.34859.michaelkintzios@gmail.com> <49bf44f10709191616u4939b86dla32ef38067ea7702@mail.gmail.com> <49bf44f10709191847i49917d8by150eb6416a720aa0@mail.gmail.com> Organization: Spore, Ltd. X-Mailer: Claws Mail 2.9.1 (GTK+ 2.10.13; x86_64-pc-linux-gnu) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@gentoo.org Reply-to: gentoo-user@lists.gentoo.org Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Archives-Salt: 76442ab1-c715-4d8b-8374-ade915028716 X-Archives-Hash: d6752e03406320e040f9819c8631d9d6 On Wed, 19 Sep 2007 18:47:37 -0700 Grant wrote: > > > > I recognize everything in 'ps -ef' I think, but I've never > > > > really used netstat before. Under "Active Internet > > > > connections" I don't recognize: > > > > > > > > tcp localhost:10030 > > > > tcp *:snpp > > > > > > Also, snpp is for pagers: > > > http://en.wikipedia.org/wiki/Simple_Network_Paging_Protocol > > > > With netstat -lp it looks like *:snpp is associated with apache2 and > > is using the same pid as *:http and *:https. I've never set up > > anything having to do with a pager. I've never had a pager. What > > can I do to investigate that further? > > This snpp pager thing is the weirdest thing I've found. It sounds > like the kind of thing I would know if I set up. Someone has some > kind of pager alert installed on my system? > > - Grant http://www.qpage.org/rfc1861.html Network Working Group Request for Comments: 1861 October 1995 ... ...1. Introduction With all due apologies to the Glenayre engineers (who take offense at the term "nerd") beepers are as much a part of computer nerdom as X- terminals--perhaps, unfortunately, more. The intent of Simple Network Paging Protocol is to provide a standard whereby pages can be delivered to individual paging terminals... I thought that was amusing. Now I think the question is, if apache is really serving that, isn't something going to show up in the logs maybe? and BTw, have you done an external portmap? -- gentoo-user@gentoo.org mailing list