problems with jail

Jim Stapleton stapleton.41 at gmail.com
Sat Feb 24 03:36:09 UTC 2007


OK, I have a fairly sizeable list, but it looks like most stuff is
bound to 192.168.1.84 except two things, one is closed, and the other
is syslog (guess I have to look at its man page). It also looks like
there is something else there. I guess I'll be looking at the netstat
man page to figure out how to get the name of the daemon touching it:

 > netstat -f inet -a; netstat -f inet6 -a
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.1.84.57256     ar-in-f18.google.http  ESTABLISHED
tcp4       0      0  192.168.1.84.62237     caim-m05b.blue.a.aol   TIME_WAIT
tcp4       0      0  192.168.1.84.58627     oam-d17a.blue.ao.aol   TIME_WAIT
tcp4       0      0  192.168.1.84.64265     205.188.7.124.aol      TIME_WAIT
tcp4       0      0  192.168.1.84.ssh       *.*                    LISTEN
tcp4       0      0  *.*                    *.*                    CLOSED
tcp4       0      0  192.168.1.84.61774     ar-in-f19.google.http  ESTABLISHED
tcp4       0      0  192.168.1.84.53732     ar-in-f83.google.http  ESTABLISHED
udp4       0      0  *.syslog               *.*
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
udp6       0      0  *.syslog               *.*



On 2/24/07, Harald Schmalzbauer <h.schmalzbauer at omnisec.de> wrote:
> On Saturday, 24 February 2007 04:21, Jim Stapleton wrote:
> > I did the ssh after you did the previous mail, but it didn't fix the
> > problem.
> >
> > I'm not having problems with sendmail or named, they were simply mentioned
> > in the man page. I never had named running, and I didn't realize
> > sendmail was running. The latter was my problem with sendmail. That
> > problem as I said is fixed. Beyond that I don't even know which
> > processes on my system are daemons at this point, except usbd and devd,
> > neither of which (to my knowledge) should be listening to any sockets.
> > Actually there are a couple of kernel processes (pagedaemon, vmdaemon,
> > and bufdaemon), but I don't know where to find documentation on them,
> > X, and KDM. I can't find anything on limiting sockets of these to a
> > specific IP only.
>
> To see what daemons are listening you can use 'netstat -f inet -a'. Then you
> see if you have to limit some other daemons (use -f inet6 for IPv6 if
> configured).
>
> Please post the output of the command above to see why you get ssh connections
> to your jail IP answered by the host's ssh daemon.
>
> -Harry
>
> --
> OmniSEC  -  UNIX and Windows networks - secure
> Harald Schmalzbauer
> Flintsbacher Str. 3
> 80686 München
> +49 (0) 89 18947781
> +49 (0) 160 93860101
>
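
Added example (not part of the original thread): a filter over the `netstat -f inet -a` / `netstat -f inet6 -a` output discussed above that lists only listening sockets bound to the wildcard address, which are the host sockets that also accept traffic addressed to a jail's IP. The function names are hypothetical, and the sample input is constructed from the output in the message with one extra `*.ssh` row added for illustration.

```shell
#!/bin/sh
# Added example: flag host sockets bound to the wildcard address in
# FreeBSD `netstat -f inet -a` / `netstat -f inet6 -a` output.

# Reads netstat output on stdin; prints "proto port" for every socket whose
# local address is "*.<port>" and that is listening (TCP LISTEN, or any UDP).
wildcard_listeners() {
    awk '
        # Only socket rows: the first field is tcp4, tcp6, udp4, udp6, ...
        $1 !~ /^(tcp|udp)/ { next }
        {
            proto = $1; laddr = $4; state = $6
            # Local address must be the wildcard host with a concrete port;
            # "*.*" is an unbound socket, not a listener.
            if (laddr !~ /^\*\./ || laddr == "*.*") next
            # TCP rows count only in LISTEN; UDP rows carry no state column.
            if (proto ~ /^tcp/ && state != "LISTEN") next
            port = laddr; sub(/^\*\./, "", port)
            print proto, port
        }'
}

# Constructed sample, modelled on the output in the message above, with one
# added row (tcp4 *.ssh LISTEN) to show a wildcard-bound TCP daemon.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp4       0      0  192.168.1.84.57256     ar-in-f18.google.http  ESTABLISHED
tcp4       0      0  192.168.1.84.ssh       *.*                    LISTEN
tcp4       0      0  *.ssh                  *.*                    LISTEN
tcp4       0      0  *.*                    *.*                    CLOSED
udp4       0      0  *.syslog               *.*
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
udp6       0      0  *.syslog               *.*
EOF
}

sample_netstat | wildcard_listeners
```

On a live host the same function can be fed directly, for example `netstat -f inet -a | wildcard_listeners`; an empty result means every listener is bound to a specific address.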