From owner-freebsd-questions  Sun Jun 21 08:50:57 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id IAA28797
          for freebsd-questions-outgoing; Sun, 21 Jun 1998 08:50:57 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from smtp2.globalserve.net (smtp2.globalserve.net [209.90.128.7])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id IAA28792
          for <questions@freebsd.org>; Sun, 21 Jun 1998 08:50:55 -0700 (PDT)
          (envelope-from geoffr@globalserve.net)
Received: from globalserve.net (dialin1925.toronto.globalserve.net [209.90.137.146])
	by smtp2.globalserve.net (8.8.8/8.8.8) with ESMTP id LAA26825
	for <questions@freebsd.org>; Sun, 21 Jun 1998 11:58:40 -0400 (EDT)
	(envelope-from geoffr@globalserve.net)
Message-ID: <358D2C1E.45A12711@globalserve.net>
Date: Sun, 21 Jun 1998 11:51:58 -0400
From: Geoffrey Robinson <geoffr@globalserve.net>
X-Mailer: Mozilla 4.03 [en] (Win95; U)
MIME-Version: 1.0
To: questions@FreeBSD.ORG
Subject: Looking for hackers with netstat
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I've heard that hackers can hide their presence from the who and w
commands. Can they also hide their connections from netstat? Is netstat a
good way to look for intruders?

Thanks. 

BTW: When I run netstat to list connections without the -n argument it
often stops before finishing when it can't (I assume) resolve an IP. Can I
specify a timeout to keep it going?

Thanks again

-- 
Geoffrey Robinson
geoffr@globalserve.net
Oakville, Ontario, Canada.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message