?
Solved

netstat

Posted on 1998-08-02
3
Medium Priority
?
633 Views
Last Modified: 2013-12-23
When I do a netstat command I see several established
connections on my box.  I allowed a kid full access (big
mistake) so he could do a bot.  I find that as superuser and
logged in remote I cannot do a reboot.  How can I kill these
connections off ?
0
Comment
Question by:fm
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 3

Expert Comment

by:elfie
ID: 1583066
Not all connections need to be remote connections.
In general killing connections, means that will need to kill some services(deamon processes).
Most of the local connections will be re-established, once the deamon process is running again.
You can check your /etc/rc files to see which services are started. You can disabled them by putting them in comment (Also verify /etc/inittab)

0
 
LVL 1

Expert Comment

by:mohammedg
ID: 1583067
What type of Unix are you running ?
And when you say that you allowed full access, does that mean that you gave full root
permissions to that user?
0
 
LVL 2

Accepted Solution

by:
JYoungman earned 100 total points
ID: 1583068
You can use identd (rfc 1413) queries to find out
who the processes belong to, and often what their PID is.

Alternatively you could add an entry to the routing table for the particular host to which the unwanted data is directed, to make sure it fails to get there (or use firewall output rules if your box is BSD or Linux based).


I'm very surprised that you can't do a reboot from a remote machine.  What does "shutdown" say when it refuses? You are running it as root, yes?


0

Featured Post

Why Off-Site Backups Are The Only Way To Go

You are probably backing up your data—but how and where? Ransomware is on the rise and there are variants that specifically target backups. Read on to discover why off-site is the way to go.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question