- 04-15-2009 #1
netstat -e and root
I got a little question about the output from netstat. I was looking through the man page when I came across the -e switch. I used it a couple of times and then noticed something which I found a little weird. I doubt it's a security problem but I'd still like it explained if somebody could. Basically sometimes I find root in the user column instead of my username. This is generally (but not always) for connections to Verisign or equivalents. Just wondered why really, seeing as I run Firefox from the package downloaded from the Mozilla site that runs from its own folder.
Why are these connections there? Or more specifically, why are there any connections to root?
Here's an example output:
Fatback@mepis1:~$ netstat -et
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode
tcp 0 0 233.Red-81-41-32.s:5650 188.8.131.52:www ESTABLISHEDFatback 220669
tcp 1 1 233.Red-81-41-32.s:1704 184.108.40.206.stat:www LAST_ACK root 0
tcp 0 1 233.Red-81-41-32.s:4461 www.grc.com:https SYN_SENT Fatback 221439
tcp 1 0 233.Red-81-41-32.s:5650 220.127.116.11:www CLOSE_WAIT Fatback 220669
tcp 0 1 233.Red-81-41-32.s:4462 www.grc.com:https SYN_SENT Fatback 221441
tcp 0 0 233.Red-81-41-32.s:4459 www.grc.com:https ESTABLISHEDFatback 221437
tcp 0 0 233.Red-81-41-32.s:1986 OCSP.NYC3.verisign.:www TIME_WAIT root 0
tcp 0 1 233.Red-81-41-32.s:4460 www.grc.com:https SYN_SENT Fatback 221438
tcp 0 0 233.Red-81-41-32.s:1986 OCSP.NYC3.verisign.:www TIME_WAIT root 0
tcp 0 506 233.Red-81-41-32.s:4460 www.grc.com:https ESTABLISHEDFatback 221438
tcp 0 192 233.Red-81-41-32.s:4464 www.grc.com:https ESTABLISHEDFatback 221510

"I didn't know it was a picture of his wife! I thought it was a publicity shot from Planet Of the Apes."
- 04-22-2009 #2
Some applications use system services that are only available to root, so they are chmod'd to be setuid root. When you run them, they are run under the root user account. These are major points of vulnerability and must be trusted programs, as if they are compromised, then the system is at risk. Apparently, the public key and certificate of authority functions provided by Verisign require root privileges, so its applications are setuid root. So, even if you run them, they still appear to be run by root. OK?
Just remember, Semper Gumbi - always be flexible!
- 04-24-2009 #3
Thanks for the info Rubberman. Got it.

"I didn't know it was a picture of his wife! I thought it was a publicity shot from Planet Of the Apes."
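Added example, not posted by anyone in the thread: a Python parser for the `netstat -e` rows quoted in the first post that separates sockets a process still holds open from rows whose Inode is 0. On Linux an inode of 0 means the socket is no longer attached to any process, which is the case for every root row in the posted output; the function names are my own.

```python
# Constructed sample: a subset of the rows from the netstat -et output in this thread.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode
tcp 0 0 233.Red-81-41-32.s:5650 188.8.131.52:www ESTABLISHEDFatback 220669
tcp 1 1 233.Red-81-41-32.s:1704 184.108.40.206.stat:www LAST_ACK root 0
tcp 0 1 233.Red-81-41-32.s:4461 www.grc.com:https SYN_SENT Fatback 221439
tcp 1 0 233.Red-81-41-32.s:5650 220.127.116.11:www CLOSE_WAIT Fatback 220669
tcp 0 0 233.Red-81-41-32.s:1986 OCSP.NYC3.verisign.:www TIME_WAIT root 0
tcp 0 192 233.Red-81-41-32.s:4464 www.grc.com:https ESTABLISHEDFatback 221510
"""

# Longest names first so CLOSE_WAIT is tried before CLOSE.
STATES = sorted(("ESTABLISHED", "SYN_SENT", "SYN_RECV", "FIN_WAIT1", "FIN_WAIT2",
                 "TIME_WAIT", "CLOSE", "CLOSE_WAIT", "LAST_ACK", "LISTEN",
                 "CLOSING"), key=len, reverse=True)

def parse_row(line):
    """Return a dict for one tcp row of `netstat -e` output, else None."""
    f = line.split()
    if len(f) < 7 or not f[0].startswith("tcp"):
        return None  # header or non-TCP line
    if len(f) == 7:
        # As in the output above, an 11-character state can be printed with
        # no gap before the user name ("ESTABLISHEDFatback"); split it.
        state = next((s for s in STATES
                      if f[5].startswith(s) and len(f[5]) > len(s)), None)
        if state is None:
            return None
        f[5:6] = [state, f[5][len(state):]]
    return {"local": f[3], "foreign": f[4], "state": f[5],
            "user": f[6], "inode": int(f[7])}

def parse(text):
    return [r for r in map(parse_row, text.splitlines()) if r]

def detached(rows):
    """Rows with inode 0, i.e. sockets no process holds open any more."""
    return [r for r in rows if r["inode"] == 0]

def held_by(rows, user):
    """Rows for sockets a process running as `user` still holds open."""
    return [r for r in rows if r["user"] == user and r["inode"] != 0]

if __name__ == "__main__":
    rows = parse(SAMPLE)
    for r in detached(rows):
        print("no owning process:", r["state"], r["user"], r["foreign"])
    print("root-held sockets:", len(held_by(rows, "root")))
```

A row that shows root together with a non-zero inode is the one worth tracing to its process, for example with `netstat -p` run as root.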