[CLUE-Tech] Something listening on raw sockets?

Tim Russell tim.russell at ilg.com
Mon Apr 16 15:23:40 MDT 2001


Hey folks,

   I recently installed a Linux box at a hosting site as a firewall in front
of some Win2K stuff.  Anyway, it's a fast machine on a fast connection, and
I want to make sure it's secure, as it's a choice target.  Now, I'm not
worried about the services it's running, namely because it isn't running
anything but the latest SSH with no password auth, only a private key I
installed on-site.

   Anyway, what kinda wierds me out is the netstat output:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address  Foreign Address   State
tcp        0      0 0.0.0.0:22     0.0.0.0:*         LISTEN
raw        0      0 0.0.0.0:1      0.0.0.0:*         7
raw        0      0 0.0.0.0:6      0.0.0.0:*         7

This machine is running ipmasqadm portfw stuff to forward connections to the
inside webserver, but other than that and SSH, there's nothing listening.
My question is, does anyone know what the raw listeners are?  I don't think
it's the port forwarding stuff because there are more than two running.

And does anyone know what state 7 is?

The only reason I'm just a tad concerned is because this machine was onsite
at the client's place with a DSL connection.  I just want to make absolutely
sure these aren't sniffers or something.

Thanks, Tim



More information about the clue-tech mailing list