Solved

netstat

Posted on 1998-08-02
3
632 Views
Last Modified: 2013-12-23
When I do a netstat command I see several established
connections on my box.  I allowed a kid full access (big
mistake) so he could do a bot.  I find that as superuser and
logged in remote I cannot do a reboot.  How can I kill these
connections off ?
0
Comment
Question by:fm
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 3

Expert Comment

by:elfie
ID: 1583066
Not all connections need to be remote connections.
In general killing connections, means that will need to kill some services(deamon processes).
Most of the local connections will be re-established, once the deamon process is running again.
You can check your /etc/rc files to see which services are started. You can disabled them by putting them in comment (Also verify /etc/inittab)

0
 
LVL 1

Expert Comment

by:mohammedg
ID: 1583067
What type of Unix are you running ?
And when you say that you allowed full access, does that mean that you gave full root
permissions to that user?
0
 
LVL 2

Accepted Solution

by:
JYoungman earned 50 total points
ID: 1583068
You can use identd (rfc 1413) queries to find out
who the processes belong to, and often what their PID is.

Alternatively you could add an entry to the routing table for the particular host to which the unwanted data is directed, to make sure it fails to get there (or use firewall output rules if your box is BSD or Linux based).


I'm very surprised that you can't do a reboot from a remote machine.  What does "shutdown" say when it refuses? You are running it as root, yes?


0

Featured Post

Free NetCrunch network monitor licenses!

Only on Experts-Exchange: Sign-up for a free-trial and we'll send you your permanent license!

Here is what you get: 30 Nodes | Unlimited Sensors | No Time Restrictions | Absolutely FREE!

Act now. This offer ends July 14, 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you try to share a printer , you may receive one of the following error messages. Error message when you use the Add Printer Wizard to share a printer: Windows could not share your printer. Operation could not be completed (Error 0x000006…
WARNING:   If you follow the instructions here, you will wipe out your VTP and VLAN configurations.  Make sure you have backed up your switch!!! I recently had some issues with a few low-end Cisco routers (RV325) and I opened a case with Cisco TA…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question