Berkeley CSUA MOTD:Entry 21221
Berkeley CSUA MOTD
 
WIKI | FAQ | Tech FAQ
http://csua.com/feed/
2025/07/13 [General] UID:1000 Activity:popular
7/13    

2001/5/10 [Computer/Networking] UID:21221 Activity:kinda low
5/9     netstat -upl, run as root on a Linux box:
        Active Internet connections (only servers)
        Proto Local Address  Foreign Address   PID/Program name
        udp   *:32768        *:*               -
        udp   *:799          *:*               -
        udp   *:800          *:*               -
        udp   *:sunrpc       *:*               110/portmap
        Is there any way of determining who is listening on 32768
        and friends?  I don't think I've been 0wn3d...?
        \_ lsof -i :32768
           \_ losf is probably trojaned, so is netstat. You will
              never be able to track it down. Reinstall while you
              still have a chance.
              \_ Victim could build and copy in tools from somewhere else
                 but if Victim was really hacked, you're right.  Reinstall
                 and do a better job securing the box next time.
           \_ So, what, go OpenBSD?
                \_ Or maybe just stop running random and useless services you
                   don't need or use that are known to come from a bad code
                   base like wu-ftpd.
           \_ "lsof -V -i UDP:32768" produces:
                 lsof: Internet address not located: UDP:32768
2025/07/13 [General] UID:1000 Activity:popular
7/13    

You may also be interested in these entries...
2013/8/22-10/28 [Computer/Companies/Yahoo, Industry/SiliconValley] UID:54732 Activity:nil
8/22    http://marketingland.com/yahoo-1-again-not-there-since-early-08-56585
        Y! is back to #1! Marissa, you are SEXY!!!
        \_ how the heck do you only have 225M uniq vis/month when there
           are over 1 billion internet devices out there?
           \_ You think that every single Internet user goes to Y!?
        \_ Tall blonde skinny pasty, not my type at all -former Y!
	...
2013/6/26-8/13 [Computer/Domains, Computer/Networking, Computer/SW/WWW/Browsers] UID:54697 Activity:nil
6/26    This ones for you psb -ausman
        http://25.media.tumblr.com/027fe67c84c2288cc16e9c85db690834/tumblr_mp0ag8DCQI1qzwozco1_1280.jpg
        \- that's pretty good. i wish someone had put the idea to be before i saw
           it on the internet, so see if i'd have put the 9 justices in the same
           boxes. JOHN PAUL STEVENS >> All the sitting justices. --psb
        \- that's pretty good. i wish someone had put the idea to be before i
	...
2012/4/2-6/4 [Computer/SW/Languages/Java, Computer/SW/RevisionControl] UID:54353 Activity:nil
4/02    We use Perforce at work for revision control. It seems to work okay.
        Lately, a lot of the newer developers are saying that Perforce
        sucks and we should switch to Mercurial or Git. I have done some
        searching on the Internet and some others have this opinion. Added
        advantage is that Mercurial and Git are free. However, there would
        be some work to switch for the sysadmins and the developers.
	...
2012/4/26-6/4 [Computer/Networking] UID:54371 Activity:nil
4/26    I see that soda has an ipv6 address but ipv6 traffic from this box
        doesn't actually work (ping6 <DEAD>ipv6.google.com<DEAD>, ping6 http://www.v6.facebook.com
        Is this expected to work?
        \_ Soda doesn't have a real IPv6 address.  The IPv6 addresses you see
           in ifconfig are just link-local addresses; any IPv6-capable machine
           will autogenerate these, whether or not it's connected to an IPv6
	...
2011/11/8-30 [Computer/SW/Security, Computer/SW/OS/Windows] UID:54218 Activity:nil
11/8    ObM$Sucks
        http://technet.microsoft.com/en-us/security/bulletin/ms11-083
        \_ How is this different from the hundreds of other M$ security
           vulnerabilities that people have been finding?
           \_ "The vulnerability could allow remote code execution if an
               attacker sends a continuous flow of specially crafted UDP
	...
2011/2/6-19 [Computer/Networking] UID:54028 Activity:nil
2/5     hmm.
$netstat -at | grep LISTEN
tcp        0      0 *:43300                 *:*                     LISTEN
        \_ this is an sshd
tcp        0      0 *:49416                 *:*                     LISTEN
tcp        0      0 *:36201                 *:*                     LISTEN
	...