Potential Hack

Status
Not open for further replies.

mezanine

IS-IT--Management
Jul 27, 2001
61
US
I suspect some malicious behavior on my system. What leads me to believe this is that when I do a netstat -r, I notice all kinds of entries for addresses on the internet, like ns4.ctccom.net and ns1.net.umd.edu, to name just a few. In addition, my server can do DNS now, when in the past it was unable to. This might be nothing; however, I was wondering if someone could give me some guidance to look further.
 
Check out /etc/resolv.conf.
This contains any DNS server definitions for address resolution.
Check for named running if you want to see if you are running a DNS server.

As far as the routing information, this can be "learned" if you have routed running.
 
This is what I see in the resolv.conf file.

nameserver 0.0.0.0
hostresorder local bind

I am still looking at your other suggestions.

Thanks
 
Are you running the Unix machine as a DHCP client or does it have a fixed IP?
 
You are probably running routed and those hosts may be broadcasting routing information using RIP (Routing Information Protocol). It is quite safe to disable routed by commenting out the relevant lines in /etc/tcp, which I do as part of a standard install.

Annihilannic.
 
Thanks, I will try commenting out those lines.
 
You will obviously also have to kill the currently running instance of routed.

Annihilannic.
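
An added example, not posted by anyone in the thread: a shell helper that runs the two checks suggested above (which nameservers resolv.conf lists, and whether named or routed is running) over saved output. The function names, the sample ps listing, and the reading of 0.0.0.0 as the local host are assumptions.

```shell
#!/bin/sh
# Added triage helper, not from the thread. It reads saved output so it runs
# offline; on a live host, pass /etc/resolv.conf and the output of `ps -e`.

# Print each nameserver address configured in a resolv.conf-style file.
resolv_nameservers() {
    awk '$1 == "nameserver" && NF >= 2 { print $2 }' "$1"
}

# Print which of routed/named appear in a `ps -e` listing. The command is
# taken from the last field, with any leading path stripped.
daemons_running() {
    awk '{ n = split($NF, p, "/"); c = p[n] }
         c == "routed" || c == "named" { print c }' "$1" | sort -u
}

# One finding per line: where the resolver points, and whether routed is up.
triage() {
    running=$(daemons_running "$2")
    for ns in $(resolv_nameservers "$1"); do
        case $ns in
            0.0.0.0|127.*)  # assumption: the resolver treats 0.0.0.0 as this host
                if echo "$running" | grep -qx named; then
                    echo "resolver=$ns local named=running"
                else
                    echo "resolver=$ns local named=absent"
                fi ;;
            *) echo "resolver=$ns remote" ;;
        esac
    done
    if echo "$running" | grep -qx routed; then
        echo "routed=running"
    else
        echo "routed=absent"
    fi
}

# Constructed sample input: the resolv.conf quoted in the thread and a
# made-up ps listing (PIDs and paths are illustrative only).
demo_dir=$(mktemp -d)
printf '%s\n' 'nameserver 0.0.0.0' 'hostresorder local bind' > "$demo_dir/resolv.conf"
printf '%s\n' '  PID TTY      TIME CMD' '  201 ?    00:00:01 /etc/routed' \
    '  215 ?    00:00:03 named' '  340 ttyp0 00:00:00 sh' > "$demo_dir/ps.txt"
triage "$demo_dir/resolv.conf" "$demo_dir/ps.txt"
```

A result of `local named=running` means name resolution is being served by a name server on the host itself, so the next thing to confirm is whether that named was started deliberately.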
 