announcement The content of this page is collected from Linux Forum, All copyrights and other associated rights are reserved by the original authors of the articles.
redhat 9 machine pings out every 10 and 26 seconds
Subject: redhat 9 machine pings out every 10 and 26 seconds
Author: Alex Hunsley    Posted: 2004-08-18 08:18:36    Length: 697 byte(s)
I have a redhat 9 machine behind a separate hardware firewall. The redhat 9
machine is pinging a single address on the internet (flintstone.astro.rug.nl)
constantly - it will wait 10 seconds between ping 1 and ping 2, then 26 seconds
between ping 2 and 3, then 10 seconds again.... etc.

Is there any good way to find out which process on the machine is doing this
pinging? I've had a good look at netstat -a etc and can't see anything that
looks relevant.

Are there any good scripts for linux that will look for suspicious items in the
environment (and tell me if the machine has been exploited)?

thanks
alex

Subject: redhat 9 machine pings out every 10 and 26 seconds
Author: NeoSadist    Posted: 2004-08-18 17:40:09    Length: 1,133 byte(s)
Alex Hunsley wrote:

QUOTE
I have a redhat 9 machine behind a separate hardware firewall. The redhat
9 machine is pinging a single address on the internet
(flintstone.astro.rug.nl) constantly - it will wait 10 seconds between
ping 1 and ping 2, then 26 seconds between ping 2 and 3, then 10 seconds
again.... etc.

Is there any good way to find out which process on the machine is doing
this pinging? I've had a good look at netstat -a etc and can't see
anything that looks relevant.

Are there any good scripts for linux that will look for suspicious items
in the environment (and tell me if the machine has been exploited)?

thanks
alex

Is it fully updated?  There have been some kernel vulnerabilities that have
been fixed since then.

--
BOFH excuse #103:

operators on strike due to broken coffee machine

Subject: redhat 9 machine pings out every 10 and 26 seconds
Author: svek    Posted: 2004-08-19 07:44:09    Length: 642 byte(s)
Alex Hunsley [lard@tardis.ed.ac.molar.uk] wrote in message news:[10i6p93q1j7am10@corp.supernews.com]...

QUOTE
Is there any good way to find out which process on the machine is doing this
pinging? I've had a good look at netstat -a etc and can't see anything that
looks relevant.

ps aux should list the processes running.
If you got a heap of processes just grep for ping :)

Cheers!

/svek

Subject: redhat 9 machine pings out every 10 and 26 seconds
Author: P Gentry    Posted: 2004-08-19 15:06:29    Length: 3,906 byte(s)
Alex Hunsley [lard@tardis.ed.ac.molar.uk] wrote in message news:[10i6p93q1j7am10@corp.supernews.com]...
QUOTE
I have a redhat 9 machine behind a separate hardware firewall. The redhat 9
machine is pinging a single address on the internet (flintstone.astro.rug.nl)
constantly - it will wait 10 seconds between ping 1 and ping 2, then 26 seconds
between ping 2 and 3, then 10 seconds again.... etc.

Is there any good way to find out which process on the machine is doing this
pinging? I've had a good look at netstat -a etc and can't see anything that
looks relevant.

Are there any good scripts for linux that will look for suspicious items in the
environment (and tell me if the machine has been exploited)?

thanks
alex

Have you monitored the process list?  Booted without internet
connection?  Sniffed the wire?  Confirmed that running processes are
the ones you expect?  In other words, precisely what have you tried?

Especially if no process _seems_ out of the ordinary, you may want to
try this:
http://www.chkrootkit.org/

BTW, from OpenRBL, flintstone.astro.rug.nl resolves to:
 Lookup 129.125.6.242 (flintstone.astro.rug.nl) in 20+10 Zones
  AS: 129.125.0.0/16 AS1103  SURFnet BV Utrecht
 Net 129.125/16 RUGNET  Groningen, Groningen @rc.rug.nl
 Results: Negative=30, Positive=0 (2004-08-19 20:50:35 UTC)

[pbrain]$ ping -c4 129.125.6.242
PING 129.125.6.242 (129.125.6.242) from my.comp.at.home : 56(84) bytes of data.
--- 129.125.6.242 ping statistics ---
4 packets transmitted, 0 received, 100% loss, time 3018ms

[pbrain]$ /usr/sbin/traceroute 129.125.6.242
traceroute to 129.125.6.242 (129.125.6.242), 30 hops max, 38 byte packets
 1  10.1.48.1 (10.1.48.1)  8.541 ms  6.777 ms  7.560 ms
 2  10.100.3.2 (10.100.3.2)  7.873 ms  7.271 ms  7.848 ms
 3  10.100.3.17 (10.100.3.17)  66.021 ms  65.608 ms  70.394 ms
 4  500.serial2-6.gw7.dfw7.alter.net (157.130.206.241)  67.726 ms  67.525 ms  71
 5  0.so-5-2-0.cl2.dfw13.alter.net (152.63.99.254)  68.558 ms  69.296 ms  67.047
 6  0.so-3-0-0.xl2.dfw9.alter.net (152.63.103.221)  67.306 ms  71.248 ms  65.879
 7  pos7-0.br2.dfw9.alter.net (152.63.99.213)  68.024 ms  68.860 ms  107.460 ms
 8  208.50.134.17 (208.50.134.17)  69.819 ms  73.824 ms  68.977 ms
 9  so1-0-0-2488m.ar1.ams1.gblx.net (67.17.65.242)  188.951 ms  184.792 ms  183.
10  gigasurf-amsterdam.ge-2-1-0.ar1.ams1.gblx.net (208.49.125.50)  185.156 ms
   su  06)  182.948 ms  181.750 ms
11  p11-0.cr1.amsterdam1.surf.net (145.145.166.33)  199.614 ms  185.439 ms  184.
12  po1-0.cr2.amsterdam1.surf.net (145.145.160.2)  184.782 ms  185.246 ms  181.8
13  po0-0.ar5.groningen1.surf.net (145.145.163.18)  189.597 ms  191.982 ms  188.
14  rug-router.customer.surf.net (145.145.2.2)  198.017 ms  189.466 ms  186.550
15  * * *
hits the wall and never picks up again -- seems following net/segment
likely blocking/dropping the packets.

How did you happen to notice this occurring in the first place?

prg
email above disabled

Subject: redhat 9 machine pings out every 10 and 26 seconds
Author:    Posted: 2004-08-19 20:03:01    Length: 760 byte(s)
Alex Hunsley (lard@tardis.ed.ac.molar.uk) wrote:
: Is there any good way to find out which process on the machine is doing this
: pinging? I've had a good look at netstat -a etc and can't see anything that
: looks relevant.

If your computer is slow enough, "top" may bring the offending process to
the top of the list during the ping attempt. I found spyware on my Windows
box because it was using 5-10 seconds of CPU time every 60 seconds trying
to get out (blocked by zone alarm). The computer in question is a
first-generation pentium, however. I got suspicious when the quake demo
would run "okay", then get jumpy at predictable intervals.

Regards,

James Phillips
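
An added example (not from any poster in this thread): on Linux, a process that sends ICMP through a raw socket appears in /proc/net/raw, and the socket inode listed there can be matched against /proc/<pid>/fd to name the owner. The code polls for 60 seconds to span the 10 and 26 second gaps described above; SAMPLE_RAW and its inode numbers are constructed.

```python
import os
import re
import time

ICMP = 1  # IP protocol number; /proc/net/raw keeps it in the local "port" field

# Constructed sample of /proc/net/raw: one ICMP (0001) and one UDP (0011) raw socket.
SAMPLE_RAW = """  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   1: 00000000:0001 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 48213 2 0000000000000000 0
  17: 00000000:0011 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 50001 2 0000000000000000 0
"""


def icmp_socket_inodes(raw_table):
    """Return the inodes of raw sockets opened for ICMP, given /proc/net/raw text."""
    inodes = set()
    for line in raw_table.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) >= 10 and int(fields[1].rsplit(":", 1)[1], 16) == ICMP:
            inodes.add(fields[9])  # 10th column is the socket inode
    return inodes


def owners(inodes, proc="/proc"):
    """Return {pid: command line} for every process holding one of the inodes."""
    found = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            links = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
            held = {m.group(1) for m in map(re.compile(r"socket:\[(\d+)\]").fullmatch, links) if m}
            if held & inodes:
                with open(os.path.join(proc, pid, "cmdline"), "rb") as f:
                    found[int(pid)] = f.read().replace(b"\0", b" ").decode(errors="replace").strip()
        except OSError:  # process exited mid-scan, or fds not readable without root
            continue
    return found


def watch(seconds=60.0, interval=0.2, proc="/proc"):
    """Poll repeatedly so a sender that lives for under a second is still caught."""
    seen = {}
    deadline = time.monotonic() + seconds
    while time.monotonic() < deadline:
        with open(os.path.join(proc, "net", "raw")) as f:
            seen.update(owners(icmp_socket_inodes(f.read()), proc))
        time.sleep(interval)
    return seen


if __name__ == "__main__":
    for pid, cmd in sorted(watch().items()):  # run as root to see other users' fds
        print(pid, cmd)
```

Run it as root, since other users' /proc/<pid>/fd entries are unreadable otherwise. On current kernels ping may use an ICMP datagram socket instead, which is listed in /proc/net/icmp rather than /proc/net/raw.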
