From owner-freebsd-security Wed Sep 26 9:26:46 2001
Date: Wed, 26 Sep 2001 19:25:49 +0300
From: Peter Pentchev
To: edwin chan
Cc: freebsd-security@freebsd.org
Subject: Re: what 's the output mean ? maybe I am under attack ?
Message-ID: <20010926192549.A633@ringworld.oblivion.bg>
Mail-Followup-To: edwin chan, freebsd-security@freebsd.org
References: <000701c1469d$436b4d80$9201a8c0@home.net>
In-Reply-To: <000701c1469d$436b4d80$9201a8c0@home.net>; from slack@suntop-cn.com on Wed, Sep 26, 2001 at 11:09:34PM +0800
User-Agent: Mutt/1.2.5i

On Wed, Sep 26, 2001 at 11:09:34PM +0800, edwin chan wrote:
> Today, when I ran "netstat -p tcp" I found something not normal. Does it mean
> my box is under attack?

What exactly do you consider to be 'not normal'?

> $ netstat -p tcp
> tcp:
>         32949909 packets sent
>                 26228892 data packets (553570256 bytes)
>                 998760 data packets (1014872219 bytes) retransmitted
>                 37 resends initiated by MTU discovery
>                 5231789 ack-only packets (0 delayed)
>                 0 URG only packets
>                 27011 window probe packets
>                 43314 window update packets
>                 420146 control packets
>         22126272 packets received
>                 15191487 acks (for 455329912 bytes)
>                 1713060 duplicate acks
>                 397 acks for unsent data
>                 4281933 packets (3828576231 bytes) received in-sequence
>                 114136 completely duplicate packets (22646316 bytes)
>                 0 old duplicate packets
>                 541 packets with some dup. data (307470 bytes duped)
>                 275937 out-of-order packets (110838044 bytes)
>                 212 packets (54004 bytes) of data after window
>                 0 window probes
>                 270521 window update packets

G'luck,
Peter

-- 
This sentence every third, but it still comprehensible.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message