[ale] odd lsof -i.

Wed Jun 13 17:51:57 EDT 2001

I'm curious of the security of a box... There's a big empty time span
missing from this morn and sendmail went down this morn.  I'm also
see'ing this:

[root at rl1 log]# lsof -i
COMMAND    PID USER   FD   TYPE  DEVICE SIZE NODE NAME
sshd       450 root    3u  IPv4     395       TCP *:ssh (LISTEN)
xntpd      465 root    4u  IPv4     420       UDP *:ntp 
xntpd      465 root    5u  IPv4     421       UDP d94s117.subd.company.com:ntp 
xntpd      465 root    6u  IPv4     422       UDP rl1.subd.company.com:ntp 

I'm curious about the 3rd entry.  That is in theory a machine inside the
company but it doesn't answer pings and I can't figure out why it'd be
talking to this machine on the ntp protocol.  This machine isn't an
ntp server and that 3rd entry is dhcp so it's not a server either.

I'm nmaping the box now.

Thoughts?

:wq!
---------------------------------------------------------------------------
Robert L. Harris                |  Micros~1 :  
Senior System Engineer          |    For when quality, reliability 
  at RnD Consulting             |      and security just aren't
                                \_       that important!
DISCLAIMER:
      These are MY OPINIONS ALONE.  I speak for no-one else.
FYI:
 perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'

--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.