Question
You notice your computer is running slowly and the activity LED on your router is blinking rapidly. You are running Linux, and you know that running either netstat or ss -a will tell you at the socket level what's going on. The ss -a command gives a report similar to the following (the u_str and u_dgm entries are removed; those are UNIX domain sockets, which are local-to-the-system equivalents of tcp/udp used for interprocess communication):

Netid  State       Local Address:Port    Peer Address:Port
tcp    CLOSE-WAIT  192.168.8.38:34466    74.125.202.108:imaps
tcp    CLOSE-WAIT  192.168.8.38:35610    216.58.192.194:https
tcp    CLOSE-WAIT  192.168.8.38:36884    216.58.192.196:https
tcp    ESTAB       192.168.8.38:35496    74.125.202.109:imaps
tcp    ESTAB       192.168.8.38:36888    130.111.218.16:ssh
tcp    ESTAB       192.168.8.38:37284    23.45.134.221:https
tcp    ESTAB       192.168.8.38:42308    100.16.227.202:ssh
tcp    SYN-RECV    192.168.8.38:ssh      192.168.8.51:53074
tcp    SYN-RECV    192.168.8.38:ssh      192.168.8.51:53075
tcp    SYN-RECV    192.168.8.38:ssh      192.168.8.51:53076
tcp    SYN-RECV    192.168.8.38:ssh      192.168.8.51:53086
       (200 more just like this)
tcp    SYN-RECV    192.168.8.38:ssh      192.168.8.51:53150
tcp    SYN-RECV    192.168.8.38:ssh      192.168.8.51:53151
tcp    SYN-RECV    192.168.8.38:ssh      192.168.8.51:53152
tcp    SYN-RECV    192.168.8.38:ssh      192.168.8.51:53153
tcp    TIME-WAIT   192.168.8.38:52020    172.217.9.66:https
tcp    TIME-WAIT   192.168.8.38:52242    172.217.9.34:https
tcp    TIME-WAIT   192.168.8.38:56936    216.58.192.196:https
tcp    TIME-WAIT   192.168.8.38:57386    216.58.216.106:https
udp    UNCONN      *:789
udp    UNCONN      *:mdns
udp    UNCONN      *:netbios-dgm
udp    UNCONN      *:netbios-ns
udp    UNCONN      *:sunrpc
tcp    LISTEN      *:ssh
tcp    LISTEN      *:sunrpc
tcp    LISTEN      127.0.0.1:smtp
tcp    LISTEN      *:microsoft-ds
tcp    LISTEN      *:netbios-ssn
tcp    LISTEN      127.0.0.1:ipp

(a) Should you worry about the tcp/CLOSE-WAIT connections? Why or why not?
(b) Should you worry about the tcp/ESTAB connections? Why or why not?
(c) Should you worry about the copious tcp/SYN-RECV connections? Why or why not?
(d) Should you worry about the tcp/TIME-WAIT connections? Why or why not?
(e) Should you worry about the udp/UNCONN connections? Why or why not?
(f) Should you worry about the tcp/LISTEN connections? Why or why not?
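One way to condense a report like this into per-state counts and, for a single state, per-peer counts, given as an added example that is not part of the original question. The function names, the constructed sample rows (addresses from the question, queue values made up) and the threshold argument are assumptions.

```shell
#!/bin/sh
# Constructed sample in the six-column layout named in the report header.
# Addresses are taken from the question; the queue values are made up.
sample_report() {
cat <<'EOF'
Netid State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
tcp   CLOSE-WAIT 1      0      192.168.8.38:34466   74.125.202.108:imaps
tcp   ESTAB      0      0      192.168.8.38:35496   74.125.202.109:imaps
tcp   ESTAB      0      0      192.168.8.38:36888   130.111.218.16:ssh
tcp   SYN-RECV   0      0      192.168.8.38:ssh     192.168.8.51:53074
tcp   SYN-RECV   0      0      192.168.8.38:ssh     192.168.8.51:53075
tcp   SYN-RECV   0      0      192.168.8.38:ssh     192.168.8.51:53076
tcp   SYN-RECV   0      0      192.168.8.38:ssh     192.168.8.51:53086
tcp   TIME-WAIT  0      0      192.168.8.38:52020   172.217.9.66:https
udp   UNCONN     0      0      *:mdns               *:*
tcp   LISTEN     0      128    *:ssh                *:*
EOF
}

# Count sockets per netid/state, largest group first.
state_counts() {
    awk 'NR > 1 && NF >= 6 { n[$1 "/" $2]++ }
         END { for (k in n) print n[k], k }' | sort -rn
}

# For one state, count sockets per (peer IP, local port) and print the
# groups with at least MIN members. usage: peers_in_state STATE MIN
peers_in_state() {
    awk -v st="$1" -v min="$2" '
        NR > 1 && NF >= 6 && $2 == st {
            peer = $6;  sub(/:[^:]*$/, "", peer)    # drop the peer port
            lport = $5; sub(/^.*:/, "", lport)      # keep only the local port
            n[peer " -> local port " lport]++
        }
        END { for (k in n) if (n[k] >= min) print n[k], k }' | sort -rn
}

sample_report | state_counts
sample_report | peers_in_state SYN-RECV 3
```

On a live host the same functions can read `ss -an` on stdin; the field numbers rely on the Netid column that `ss -a` prints, and the threshold is whatever count you consider unusual for one peer.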