From: Grant
To: gentoo-user@lists.gentoo.org
Date: Wed, 19 Sep 2007 16:16:09 -0700
Subject: Re: [gentoo-user] Hacked by association?
Message-ID: <49bf44f10709191616u4939b86dla32ef38067ea7702@mail.gmail.com>
In-Reply-To: <200709192023.34859.michaelkintzios@gmail.com>

> > I recognize everything in 'ps -ef' I think, but I've never really used
> > netstat before.  Under "Active Internet connections" I don't
> > recognize:
> >
> > tcp localhost:10030
> > tcp *:snpp
>
> Also, snpp is for pagers:
> http://en.wikipedia.org/wiki/Simple_Network_Paging_Protocol

With netstat -lp it looks like *:snpp is associated with apache2 and
is using the same pid as *:http and *:https.  I've never set up
anything having to do with a pager.  I've never had a pager.  What can
I do to investigate that further?

> Then run lsof (check man lsof) to see if there is anything suspicious there,
> like another user logged in either as root or with a different name.

Any handy lsof commands?

- Grant
-- 
gentoo-user@gentoo.org mailing list
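Added example, not part of the original message: netstat prints the name /etc/services gives a port number, so "*:snpp" only says that something listens on TCP port 444. The sketch below resolves the name, lists the ports one PID holds, and then asks lsof and the Apache configuration who opened the port. The function names, the sample data and the /etc/apache2 path are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not from the thread. Run "sh thisfile snpp" as root on the host.

# Constructed sample in /etc/services format, used when no file is given.
SAMPLE_SERVICES='http            80/tcp
https           443/tcp
snpp            444/tcp         # Simple Network Paging Protocol'

# svc_port NAME [FILE]: print the TCP port number a service name maps to.
svc_port() {
    if [ -n "$2" ]; then cat "$2"; else printf '%s\n' "$SAMPLE_SERVICES"; fi |
    awk -v n="$1" '
        { sub(/#.*/, "") }                      # drop trailing comments
        $2 ~ /\/tcp$/ {
            for (i = 1; i <= NF; i++)           # match the name or any alias
                if (i != 2 && $i == n) { split($2, p, "/"); print p[1]; exit }
        }'
}

# pid_ports PID: read "netstat -tlnp" lines on stdin and print the local
# ports that PID is listening on, one per line.
pid_ports() {
    awk -v pid="$1" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            split($7, own, "/")                 # column 7 is "PID/program"
            if (own[1] == pid) { n = split($4, a, ":"); print a[n] }
        }'
}

# investigate NAME: resolve the name, then show who holds the port.
investigate() {
    port=$(svc_port "$1" /etc/services)
    [ -n "$port" ] || { echo "no tcp entry for $1" >&2; return 1; }
    echo "$1 = tcp/$port"
    # -n/-P keep addresses and ports numeric; -sTCP:LISTEN shows listeners only.
    lsof -nP -iTCP:"$port" -sTCP:LISTEN
    # Assumption: Apache configuration lives under /etc/apache2 (Gentoo layout).
    grep -rnE '^[[:space:]]*Listen[[:space:]]' /etc/apache2
}

if [ "$#" -gt 0 ]; then investigate "$1"; fi
```

If the lsof line shows the same apache2 PID as ports 80 and 443 and grep finds a matching Listen directive, the listener comes from the web server's own configuration rather than from a paging daemon.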