31st July 2011, 12:41
MaddinXx

Hi Falko

Thanks for helping. The server is located in a data center.

Here is the output of netstat -tap:
Code:
Aktive Internetverbindungen (Server und stehende Verbindungen)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 *:sunrpc                *:*                     LISTEN      1686/portmap
tcp        0      0 *:50000                 *:*                     LISTEN      24067/perl
tcp        0      0 *:ftp                   *:*                     LISTEN      3531/pure-ftpd (SER
tcp        0      0 31.214.136.62:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.61:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.60:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.59:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.58:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.57:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.56:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.55:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.54:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.53:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.52:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.51:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.50:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.49:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.48:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.47:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.46:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.45:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.44:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.43:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.42:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.41:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.40:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.39:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.38:domain    *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.37:domain    *:*                     LISTEN      6262/named
tcp        0      0 mail.rackster.ch:domain *:*                     LISTEN      6262/named
tcp        0      0 31.214.136.35:domain    *:*                     LISTEN      6262/named
tcp        0      0 rs1500001.ffm.mt:domain *:*                     LISTEN      6262/named
tcp        0      0 localhost:domain        *:*                     LISTEN      6262/named
tcp        0      0 localhost:953           *:*                     LISTEN      6262/named
tcp        0      0 *:smtp                  *:*                     LISTEN      3115/master
tcp        0      0 *:48002                 *:*                     LISTEN      1698/rpc.statd
tcp        0      0 *:50022                 *:*                     LISTEN      25725/sshd
tcp        0      0 localhost:10024         *:*                     LISTEN      1321/amavisd (ch1-a
tcp        0      0 localhost:10025         *:*                     LISTEN      3115/master
tcp        0      0 localhost:mysql         *:*                     LISTEN      2584/mysqld
tcp       53      0 localhost:58190         localhost:10025         CLOSE_WAIT  1321/amavisd (ch1-a
tcp        0      0 localhost:mysql         localhost:34845         VERBUNDEN   2584/mysqld
tcp        0   1176 rs1500001.ffm.mte:50022 zux221-139-219.ad:58051 VERBUNDEN   2674/0
tcp        0      0 localhost:34845         localhost:mysql         VERBUNDEN   1321/amavisd (ch1-a
tcp6       0      0 [::]:pop3               [::]:*                  LISTEN      2016/couriertcpd
tcp6       0      0 [::]:imap2              [::]:*                  LISTEN      2061/couriertcpd
tcp6       0      0 [::]:http-alt           [::]:*                  LISTEN      1012/apache2
tcp6       0      0 [::]:www                [::]:*                  LISTEN      1012/apache2
tcp6       0      0 [::]:tproxy             [::]:*                  LISTEN      1012/apache2
tcp6       0      0 [::]:ftp                [::]:*                  LISTEN      3531/pure-ftpd (SER
tcp6       0      0 [::]:domain             [::]:*                  LISTEN      6262/named
tcp6       0      0 ip6-localhost:953       [::]:*                  LISTEN      6262/named
tcp6       0      0 [::]:https              [::]:*                  LISTEN      1012/apache2
tcp6       0      0 [::]:imaps              [::]:*                  LISTEN      21793/couriertcpd
tcp6       0      0 [::]:pop3s              [::]:*                  LISTEN      21815/couriertcpd
tcp6       0      0 [::]:50022              [::]:*                  LISTEN      25725/sshd
And this for iptables -L:
Code:
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       tcp  --  anywhere             loopback/8
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere
DROP       all  --  base-address.mcast.net/4  anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
PUB_IN     all  --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
DROP       all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere
PUB_OUT    all  --  anywhere             anywhere

Chain INT_IN (0 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain INT_OUT (0 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere

Chain PAROLE (14 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain PUB_IN (4 references)
target     prot opt source               destination
ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ftp-data
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:ftp
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:smtp
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:domain
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:www
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:pop3
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:imap2
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:https
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:mysql
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:http-alt
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:tproxy
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:webmin
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:50000
PAROLE     tcp  --  anywhere             anywhere            tcp dpt:50022
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:mysql
DROP       icmp --  anywhere             anywhere
DROP       all  --  anywhere             anywhere

Chain PUB_OUT (4 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain fail2ban-courierimap (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-courierimaps (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-courierpop3 (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-courierpop3s (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-pureftpd (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-roundcube (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-sasl (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-ssh (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere

Chain fail2ban-webmin-auth (0 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
Regards,
Michel