Since this morning, when we tried to open some SSL sites, we have been greeted by browser warnings that the certificate is not for this site. After checking the certificate, we determined that it was issued to *.hostgator.com. Since it happened for all the sites we normally visit, I immediately tried pinging a few of them, and every reply came back as:
64 bytes from gator4226.hostgator.com (108.167.189.52): icmp_seq=1 ttl=54 time=141 ms
We have two DNS servers on site; one is bind9 on Ubuntu (9.9.5.dfsg-3ubuntu0). I stopped the service, then an old win2k3 took over and the ping replies went back to being correct. I guess our bind9 was successfully attacked, so that even when it is restarted, it immediately returns wrong IPs for all queries. Since I don't allow external requests (from the Internet), I suppose one of our users must have done something. Maybe they were pissed off because we block Facebook, I don't know.
My questions are:
- Is it possible to determine how it happened?
- Could it be an attack from the Internet after all?
More information about our bind9 configuration
It is actually a master for our domain. We have some on-site services, including web and mail. We have standard, commercially issued SSL certificates. Our DNS makes our domain resolve to local IPs instead of public ones (so we can look up, for example, mail.mycompany.com, and our web browsers do not complain about certificates). Apart from that functionality, it is just a forwarder. In addition, some unwanted sites are resolved to 127.0.0.1, and traffic on port 59 is blocked for other hosts on our network, apart from these two DNS servers.
named.conf includes only three files: named.conf.options, named.conf.local and named.conf.default-zones. Below are the relevant files. I have hidden my real domain name by replacing it with mydomain.com.
named.conf.options
options {
    directory "/var/cache/bind";
    forwarders {
        8.8.8.8;
        8.8.4.4;
        213.172.186.4;
        216.172.186.5;
        #194.105.133.2;
        #194.105.133.1;
    };
    allow-query {
        192.168.0/24;
        127.0.0.1;
    };
    dnssec-validation auto;
    auth-nxdomain no; # conform to RFC1035
    listen-on-v6 { none; };
};
named.conf.local
zone "mydomain.com" { type master; file "/etc/bind/db.mydomain.com"; };
zone "0.168.192.in-addr.arpa" { type master; file "/etc/bind/db.192.168.0"; };
zone "facebook.com" { type master; file "/etc/bind/blockedsites"; };
zone "facebook.pl" { type master; file "/etc/bind/blockedsites"; };
zone "hide.me" { type master; file "/etc/bind/blockedsites"; };
zone "hidemyass.com" { type master; file "/etc/bind/blockedsites"; };
zone "best-proxy.pl" { type master; file "/etc/bind/blockedsites"; };
Finally, the file used to answer for any blocked site (sort of) - blockedsites
;
; BIND data file for local net
;
$TTL 604800
@ IN SOA mysite.local. hostmaster.mysite.local. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns0.mysite.local.
@ IN A 127.0.0.1
@ IN AAAA ::1
* IN A 127.0.0.1
So, I am completely at a loss as to where I should look for potential causes of this problem. If someone would be kind enough to explain what could have happened, or point me to similar incidents with resolutions, I would be very grateful.
Edit
This machine is NOT a router, but it provides DNS, DHCP and TFTP. The output of netstat -nr is:
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
Obviously, the output of iptables -t nat -L is empty, because this machine does not do NAT. That is the job of the router, which is at 192.168.0.1.
The output of ps -uax is:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.2 0.1 33508 4072 ? Ss 09:27 0:01 /sbin/init
root 2 0.0 0.0 0 0 ? S 09:27 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S 09:27 0:00 [ksoftirqd/0]
root 5 0.0 0.0 0 0 ? S< 09:27 0:00 [kworker/0:0H]
root 6 0.0 0.0 0 0 ? S 09:27 0:00 [kworker/u128:0]
root 7 0.0 0.0 0 0 ? S 09:27 0:00 [rcu_sched]
root 8 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/0]
root 9 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/1]
root 10 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/2]
root 11 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/3]
root 12 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/4]
root 13 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/5]
root 14 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/6]
root 15 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/7]
root 16 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/8]
root 17 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/9]
root 18 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/10]
root 19 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/11]
root 20 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/12]
root 21 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/13]
root 22 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/14]
root 23 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/15]
root 24 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/16]
root 25 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/17]
root 26 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/18]
root 27 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/19]
root 28 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/20]
root 29 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/21]
root 30 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/22]
root 31 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/23]
root 32 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/24]
root 33 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/25]
root 34 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/26]
root 35 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/27]
root 36 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/28]
root 37 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/29]
root 38 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/30]
root 39 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/31]
root 40 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/32]
root 41 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/33]
root 42 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/34]
root 43 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/35]
root 44 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/36]
root 45 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/37]
root 46 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/38]
root 47 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/39]
root 48 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/40]
root 49 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/41]
root 50 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/42]
root 51 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/43]
root 52 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/44]
root 53 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/45]
root 54 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/46]
root 55 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/47]
root 56 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/48]
root 57 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/49]
root 58 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/50]
root 59 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/51]
root 60 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/52]
root 61 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/53]
root 62 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/54]
root 63 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/55]
root 64 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/56]
root 65 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/57]
root 66 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/58]
root 67 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/59]
root 68 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/60]
root 69 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/61]
root 70 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/62]
root 71 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/63]
root 72 0.0 0.0 0 0 ? S 09:27 0:00 [rcu_bh]
root 73 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/0]
root 74 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/1]
root 75 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/2]
root 76 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/3]
root 77 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/4]
root 78 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/5]
root 79 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/6]
root 80 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/7]
root 81 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/8]
root 82 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/9]
root 83 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/10]
root 84 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/11]
root 85 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/12]
root 86 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/13]
root 87 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/14]
root 88 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/15]
root 89 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/16]
root 90 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/17]
root 91 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/18]
root 92 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/19]
root 93 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/20]
root 94 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/21]
root 95 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/22]
root 96 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/23]
root 97 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/24]
root 98 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/25]
root 99 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/26]
root 100 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/27]
root 101 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/28]
root 102 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/29]
root 103 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/30]
root 104 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/31]
root 105 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/32]
root 106 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/33]
root 107 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/34]
root 108 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/35]
root 109 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/36]
root 110 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/37]
root 111 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/38]
root 112 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/39]
root 113 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/40]
root 114 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/41]
root 115 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/42]
root 116 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/43]
root 117 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/44]
root 118 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/45]
root 119 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/46]
root 120 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/47]
root 121 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/48]
root 122 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/49]
root 123 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/50]
root 124 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/51]
root 125 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/52]
root 126 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/53]
root 127 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/54]
root 128 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/55]
root 129 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/56]
root 130 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/57]
root 131 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/58]
root 132 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/59]
root 133 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/60]
root 134 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/61]
root 135 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/62]
root 136 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/63]
root 137 0.0 0.0 0 0 ? S 09:27 0:00 [migration/0]
root 138 0.0 0.0 0 0 ? S 09:27 0:00 [watchdog/0]
root 139 0.0 0.0 0 0 ? S 09:27 0:00 [watchdog/1]
root 140 0.0 0.0 0 0 ? S 09:27 0:00 [migration/1]
root 141 0.0 0.0 0 0 ? S 09:27 0:00 [ksoftirqd/1]
root 143 0.0 0.0 0 0 ? S< 09:27 0:00 [kworker/1:0H]
root 144 0.0 0.0 0 0 ? S< 09:27 0:00 [khelper]
root 145 0.0 0.0 0 0 ? S 09:27 0:00 [kdevtmpfs]
root 146 0.0 0.0 0 0 ? S< 09:27 0:00 [netns]
root 147 0.0 0.0 0 0 ? S 09:27 0:00 [khungtaskd]
root 148 0.0 0.0 0 0 ? S< 09:27 0:00 [writeback]
root 149 0.0 0.0 0 0 ? SN 09:27 0:00 [ksmd]
root 150 0.0 0.0 0 0 ? SN 09:27 0:00 [khugepaged]
root 151 0.0 0.0 0 0 ? S< 09:27 0:00 [crypto]
root 152 0.0 0.0 0 0 ? S< 09:27 0:00 [kintegrityd]
root 153 0.0 0.0 0 0 ? S< 09:27 0:00 [bioset]
root 154 0.0 0.0 0 0 ? S< 09:27 0:00 [kblockd]
root 155 0.0 0.0 0 0 ? S< 09:27 0:00 [ata_sff]
root 156 0.0 0.0 0 0 ? S 09:27 0:00 [khubd]
root 157 0.0 0.0 0 0 ? S< 09:27 0:00 [md]
root 158 0.0 0.0 0 0 ? S< 09:27 0:00 [devfreq_wq]
root 159 0.0 0.0 0 0 ? S 09:27 0:00 [kworker/u128:1]
root 160 0.0 0.0 0 0 ? S 09:27 0:00 [kworker/0:1]
root 161 0.0 0.0 0 0 ? S 09:27 0:00 [kworker/1:1]
root 163 0.0 0.0 0 0 ? S 09:27 0:00 [kswapd0]
root 164 0.0 0.0 0 0 ? S 09:27 0:00 [fsnotify_mark]
root 165 0.0 0.0 0 0 ? S 09:27 0:00 [ecryptfs-kthrea]
root 177 0.0 0.0 0 0 ? S< 09:27 0:00 [kthrotld]
root 178 0.0 0.0 0 0 ? S< 09:27 0:00 [acpi_thermal_pm]
root 179 0.0 0.0 0 0 ? S 09:27 0:00 [scsi_eh_0]
root 180 0.0 0.0 0 0 ? S< 09:27 0:00 [scsi_tmf_0]
root 181 0.0 0.0 0 0 ? S 09:27 0:00 [scsi_eh_1]
root 182 0.0 0.0 0 0 ? S< 09:27 0:00 [scsi_tmf_1]
root 184 0.0 0.0 0 0 ? S< 09:27 0:00 [ipv6_addrconf]
root 185 0.0 0.0 0 0 ? S 09:27 0:00 [kworker/0:2]
root 186 0.0 0.0 0 0 ? S 09:27 0:00 [kworker/u128:3]
root 205 0.0 0.0 0 0 ? S< 09:27 0:00 [deferwq]
root 206 0.0 0.0 0 0 ? S< 09:27 0:00 [charger_manager]
root 250 0.0 0.0 0 0 ? S< 09:27 0:00 [kpsmoused]
root 251 0.0 0.0 0 0 ? S< 09:27 0:00 [hv_vmbus_con]
root 253 0.0 0.0 0 0 ? S< 09:27 0:00 [hv_vmbus_ctl]
root 256 0.0 0.0 0 0 ? S< 09:27 0:00 [hv_vmbus_ctl]
root 258 0.0 0.0 0 0 ? S< 09:27 0:00 [hv_vmbus_ctl]
root 259 0.0 0.0 0 0 ? S< 09:27 0:00 [hv_vmbus_ctl]
root 260 0.0 0.0 0 0 ? S< 09:27 0:00 [hv_vmbus_ctl]
root 261 0.0 0.0 0 0 ? S< 09:27 0:00 [hv_vmbus_ctl]
root 262 0.0 0.0 0 0 ? S< 09:27 0:00 [hv_vmbus_ctl]
root 263 0.0 0.0 0 0 ? S< 09:27 0:00 [hv_vmbus_ctl]
root 264 0.0 0.0 0 0 ? S< 09:27 0:00 [hv_vmbus_ctl]
root 265 0.0 0.0 0 0 ? S< 09:27 0:00 [hv_vmbus_ctl]
root 266 0.0 0.0 0 0 ? S< 09:27 0:00 [hv_vmbus_ctl]
root 267 0.0 0.0 0 0 ? S< 09:27 0:00 [hv_vmbus_ctl]
root 268 0.0 0.0 0 0 ? S< 09:27 0:00 [kworker/0:1H]
root 269 0.0 0.0 0 0 ? S 09:27 0:00 [scsi_eh_2]
root 270 0.0 0.0 0 0 ? S< 09:27 0:00 [scsi_tmf_2]
root 280 0.0 0.0 0 0 ? S 09:27 0:00 [jbd2/sda1-8]
root 281 0.0 0.0 0 0 ? S< 09:27 0:00 [ext4-rsv-conver]
root 287 0.0 0.0 0 0 ? S< 09:27 0:00 [hv_vmbus_ctl]
root 288 0.0 0.0 0 0 ? S 09:27 0:00 [kworker/1:2]
root 414 0.0 0.0 19612 2000 ? S 09:27 0:00 upstart-udev-bridge --daemon
root 419 0.0 0.1 51648 3752 ? Ss 09:27 0:00 /lib/systemd/systemd-udevd --daemon
message+ 511 0.0 0.1 39232 2496 ? Ss 09:27 0:00 dbus-daemon --system --fork
syslog 563 0.0 0.1 255848 2952 ? Ssl 09:27 0:00 rsyslogd
root 581 0.0 0.1 43456 3244 ? Ss 09:27 0:00 /lib/systemd/systemd-logind
root 888 0.0 0.1 15936 2444 ? S 09:27 0:00 upstart-file-bridge --daemon
root 891 0.0 0.0 15660 2012 ? S 09:27 0:00 upstart-socket-bridge --daemon
root 927 0.0 0.1 15824 2064 tty4 Ss+ 09:27 0:00 /sbin/getty -8 38400 tty4
root 930 0.0 0.0 15824 2016 tty5 Ss+ 09:27 0:00 /sbin/getty -8 38400 tty5
root 938 0.0 0.1 15824 2072 tty2 Ss+ 09:27 0:00 /sbin/getty -8 38400 tty2
root 940 0.0 0.1 15824 2064 tty3 Ss+ 09:27 0:00 /sbin/getty -8 38400 tty3
root 948 0.0 0.0 15824 2024 tty6 Ss+ 09:27 0:00 /sbin/getty -8 38400 tty6
root 987 0.0 0.2 61376 5356 ? Ss 09:27 0:00 /usr/sbin/sshd -D
dhcpd 988 0.0 0.3 17644 6248 ? Ss 09:27 0:00 dhcpd -user dhcpd -group dhcpd -f -q -4 -pf /run/dhcp-server/dhcpd.pid -cf /etc/dhcp/dhcpd.conf
root 1000 0.0 0.0 4372 1560 ? Ss 09:27 0:00 acpid -c /etc/acpi/events -s /var/run/acpid.socket
daemon 1010 0.0 0.0 19144 164 ? Ss 09:27 0:00 atd
root 1011 0.0 0.1 23660 2252 ? Ss 09:27 0:00 cron
root 1017 0.0 0.0 15132 168 ? Ss 09:27 0:00 /usr/sbin/in.tftpd --listen --user tftp --address 0.0.0.0:69 --secure -m /etc/tftpd.map /var/li
root 1044 0.0 0.0 0 0 ? S< 09:27 0:00 [kworker/1:1H]
root 1053 0.0 0.1 19196 2196 ? Ss 09:27 0:00 /usr/sbin/irqbalance
root 1076 0.0 0.0 15824 2024 tty1 Ss+ 09:27 0:00 /sbin/getty -8 38400 tty1
root 1137 0.0 0.3 105644 6480 ? Ss 09:30 0:00 sshd: kitet [priv]
root 1139 0.0 0.0 0 0 ? S 09:30 0:00 [kauditd]
kitet 1186 0.0 0.1 105644 3504 ? R 09:30 0:00 sshd: kitet@pts/0
kitet 1187 0.0 0.2 22592 5388 pts/0 Ss 09:30 0:00 -bash
bind 1221 0.0 1.1 245200 23888 ? Ssl 09:31 0:00 /usr/sbin/named -4 -u bind
root 1240 0.0 0.0 0 0 ? S 09:32 0:00 [kworker/u128:2]
kitet 1249 0.0 0.1 18452 2628 pts/0 R+ 09:35 0:00 ps -uax
EDIT2: ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:15:5d:00:e6:02
inet addr:192.168.0.233 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:22006 errors:0 dropped:0 overruns:0 frame:0
TX packets:6771 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2076222 (2.0 MB) TX bytes:719723 (719.7 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:86 errors:0 dropped:0 overruns:0 frame:0
TX packets:86 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:7003 (7.0 KB) TX bytes:7003 (7.0 KB)
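
An added example, not part of the original post: a triage check for the symptom described above, where one resolver answers unrelated names with the same address. It compares per-resolver answers (as could be collected with `dig +short @resolver name`) and ignores loopback answers, which the blockedsites zones produce on purpose. The reference resolver 192.0.2.53, the queried names, their reference answers and the function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: "resolver  queried-name  answer" per line. Only the
# local server address and 108.167.189.52 come from the post.
SAMPLE = """\
192.168.0.233 example.org 108.167.189.52
192.168.0.233 example.net 108.167.189.52
192.168.0.233 example.com 108.167.189.52
192.168.0.233 facebook.com 127.0.0.1
192.0.2.53 example.org 198.51.100.10
192.0.2.53 example.net 198.51.100.20
192.0.2.53 example.com 203.0.113.30
192.0.2.53 facebook.com 203.0.113.40
"""

def parse(text):
    """Return {resolver: {name: set(ip)}}, skipping malformed lines."""
    table = defaultdict(lambda: defaultdict(set))
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        resolver, name, answer = parts
        try:
            ip = ipaddress.ip_address(answer)
        except ValueError:
            continue  # CNAME targets or error text in the capture
        table[resolver][name.lower().rstrip(".")].add(ip)
    return table

def collapsed_resolvers(table, min_names=3):
    """Map resolver -> (ip, names) where at least min_names names share one
    non-loopback answer that no other resolver returns for those names."""
    findings = {}
    for resolver, names in table.items():
        by_ip = defaultdict(set)
        for name, ips in names.items():
            for ip in ips:
                if not ip.is_loopback:  # local sinkhole zones are expected
                    by_ip[ip].add(name)
        for ip, hit in by_ip.items():
            confirmed = {n for n in hit for other, onames in table.items()
                         if other != resolver and ip in onames.get(n, ())}
            suspicious = hit - confirmed
            if len(suspicious) >= min_names:
                findings[resolver] = (str(ip), sorted(suspicious))
    return findings
```

A finding only says which resolver's answers diverge; whether the bad data sits in its cache, its zone files or an upstream forwarder still has to be checked on that host.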