Has this system been compromised? RH 8.0

I noiced "established" connections to port 111
so I added
iptables -A INPUT -p tcp -s! 192.168.0.0/24 --dport 111 -j DROP
iptables -A INPUT -p udp -s! 192.168.0.0/24 --dport 111 -j DROP

but 10 hours latere the SAME connections still say "established" in netstat.


Code: 
# rpcinfo -p
   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100024    1   udp  32768  status
    100024    1   tcp  32768  status
    391002    2   tcp  32769  sgi_fam


# fuser -v -n tcp 32768
                     USER        PID ACCESS COMMAND
32768/tcp            root        540 f....  rpc.statd


# fuser -v -n tcp 32769

                     USER        PID ACCESS COMMAND
32769/tcp            root        674 f....  xinetd
Please help anyone =(

 

 

 

 

Top