compromised apache2?

Yuelin Li liy12 at mskcc.org
Tue Dec 25 23:02:13 UTC 2007


I have noticed unexpected tcp connections whenever I start
/etc/init.d/apache2 (see netstat output below).  These connections
appear in a couple of minutes, first the top two entries, then four
and stay at four.  I am not running any other web-related utilities,
no firefox.  I can't explain why I see them. These connections go away
almost immediately when I stop apache2. 

My questions are: 1) is my apache2 installation compromised?  and 2)
if so, how should I remediate it?  Many thanks in advance,

Yuelin.

% netstat -atu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State      
tcp        0      0 *:www                   *:*                     LISTEN     
tcp        0      0 sky.local:www           91-110-14-210.server:96 SYN_RECV   
tcp        0      0 sky.local:www           91-110-14-210.serve:www SYN_RECV   
tcp        0      0 sky.local:www           91-110-14-210.serve:216 SYN_RECV   
tcp        0      0 sky.local:www           91-110-14-210.serve:236 SYN_RECV   
tcp        0      0 localhost:ipp           *:*                     LISTEN     
tcp6       0      0 *:ssh                   *:*                     LISTEN     

 