Desde esta mañana, intentamos abrir algunos sitios SSL y recibimos advertencias del navegador, ese certificado no es para este sitio. Al verificar el certificado, determinamos que se emite a * .hostgator.com. Como sucedió en todos los sitios que visitamos normalmente, inmediatamente intenté hacer ping a algunos de ellos y todas las consultas respondieron:
64 bytes from gator4226.hostgator.com (108.167.189.52): icmp_seq=1 ttl=54 time=141 ms
Tenemos dos servidores DNS en el sitio, uno es bind9 en ubuntu (9.9.5.dfsg-3ubuntu0). Detuve el servicio, luego un viejo win2k3 tomó el control y las respuestas de ping volvieron a ser correctas nuevamente. Supongo que nuestro bind9 fue atacado con éxito, por lo que incluso si se reinicia, inmediatamente devuelve direcciones IP incorrectas para todas las consultas. Como no permito solicitudes externas (de Internet), supongo que uno de nuestros propios usuarios debe haber hecho algo. Tal vez estaban enojados porque bloqueamos Facebook, no lo sé.
Mis preguntas son:
- ¿Es posible determinar cómo sucedió esto?
- ¿Podría ser un ataque desde Internet después de todo?
Más información sobre nuestra configuración de bind9
En realidad es un maestro para nuestro propio dominio. Tenemos algunos servicios en el sitio, incluyendo web y correo. Tenemos certificados SSL normales, emitidos comercialmente. Nuestro DNS hace que nuestro dominio se resuelva a IP local, en lugar de público (y podemos buscar, por ejemplo, mail.mycompany.com, y nuestros navegadores web no se quejan de los certificados). Además de esa funcionalidad, es solo un reenviador. También hicimos que algunos sitios no deseados se resolvieran a 127.0.0.1 y no permitimos ningún tráfico en el puerto 59 para otros hosts en nuestra red, además de estos dos servidores DNS.
named.conf incluye solo tres archivos: named.conf.options , named.conf.local y named.conf.default-zones . A continuación se presentan los archivos pertinentes. Oculté mi nombre de dominio real reemplazándolo con midominio.com .
named.conf.options
options {
directory "/var/cache/bind";
forwarders {
8.8.8.8;
8.8.4.4;
213.172.186.4;
216.172.186.5;
#194.105.133.2;
#194.105.133.1;
};
allow-query {
192.168.0/24;
127.0.0.1;
};
dnssec-validation auto;
auth-nxdomain no; # conform to RFC1035
listen-on-v6 { none; };
};
named.conf.local
zone "mydomain.com" { type master; file "/etc/bind/db.mydomain.com"; };
zone "0.168.192.in-addr.arpa" { type master; file "/etc/bind/db.192.168.0"; };
zone "facebook.com" { type master; file "/etc/bind/blockedsites"; };
zone "facebook.pl" { type master; file "/etc/bind/blockedsites"; };
zone "hide.me" { type master; file "/etc/bind/blockedsites"; };
zone "hidemyass.com" { type master; file "/etc/bind/blockedsites"; };
zone "best-proxy.pl" { type master; file "/etc/bind/blockedsites"; };
finalmente, archivo utilizado para responder a cualquier sitio bloqueado (tipo de) - sitios bloqueados
;
; BIND data file for local net
;
$TTL 604800
@ IN SOA mysite.local. hostmaster.mysite.local. (
2 ; Serial
604800 ; Refresh
86400 ; Retry
2419200 ; Expire
604800 ) ; Negative Cache TTL
;
@ IN NS ns0.mysite.local.
@ IN A 127.0.0.1
@ IN AAAA ::1
* IN A 127.0.0.1
Por lo tanto, estoy completamente perdido respecto a dónde debo buscar las posibles causas de este problema. Si alguien tuviera la amabilidad de explicar lo que podría haber ocurrido o de redirigirme a incidentes similares con resoluciones, le estaría muy agradecido.
EDIT
Esta máquina NO es un enrutador, proporciona DNS, DHCP y TFTP . La salida de neststat -nr es:
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 0 0 0 eth0
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
Obviamente, la salida de iptables -t nat -L está vacía, porque esta máquina no hace NAT. Ese es el trabajo del enrutador, que se ve arriba 192.168.0.1.
ps -uax la salida es:
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.2 0.1 33508 4072 ? Ss 09:27 0:01 /sbin/init
root 2 0.0 0.0 0 0 ? S 09:27 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S 09:27 0:00 [ksoftirqd/0]
root 5 0.0 0.0 0 0 ? S< 09:27 0:00 [kworker/0:0H]
root 6 0.0 0.0 0 0 ? S 09:27 0:00 [kworker/u128:0]
root 7 0.0 0.0 0 0 ? S 09:27 0:00 [rcu_sched]
root 8 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/0]
root 9 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/1]
root 10 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/2]
root 11 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/3]
root 12 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/4]
root 13 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/5]
root 14 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/6]
root 15 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/7]
root 16 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/8]
root 17 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/9]
root 18 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/10]
root 19 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/11]
root 20 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/12]
root 21 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/13]
root 22 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/14]
root 23 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/15]
root 24 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/16]
root 25 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/17]
root 26 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/18]
root 27 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/19]
root 28 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/20]
root 29 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/21]
root 30 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/22]
root 31 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/23]
root 32 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/24]
root 33 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/25]
root 34 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/26]
root 35 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/27]
root 36 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/28]
root 37 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/29]
root 38 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/30]
root 39 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/31]
root 40 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/32]
root 41 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/33]
root 42 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/34]
root 43 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/35]
root 44 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/36]
root 45 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/37]
root 46 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/38]
root 47 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/39]
root 48 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/40]
root 49 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/41]
root 50 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/42]
root 51 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/43]
root 52 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/44]
root 53 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/45]
root 54 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/46]
root 55 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/47]
root 56 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/48]
root 57 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/49]
root 58 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/50]
root 59 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/51]
root 60 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/52]
root 61 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/53]
root 62 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/54]
root 63 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/55]
root 64 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/56]
root 65 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/57]
root 66 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/58]
root 67 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/59]
root 68 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/60]
root 69 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/61]
root 70 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/62]
root 71 0.0 0.0 0 0 ? S 09:27 0:00 [rcuos/63]
root 72 0.0 0.0 0 0 ? S 09:27 0:00 [rcu_bh]
root 73 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/0]
root 74 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/1]
root 75 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/2]
root 76 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/3]
root 77 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/4]
root 78 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/5]
root 79 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/6]
root 80 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/7]
root 81 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/8]
root 82 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/9]
root 83 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/10]
root 84 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/11]
root 85 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/12]
root 86 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/13]
root 87 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/14]
root 88 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/15]
root 89 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/16]
root 90 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/17]
root 91 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/18]
root 92 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/19]
root 93 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/20]
root 94 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/21]
root 95 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/22]
root 96 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/23]
root 97 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/24]
root 98 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/25]
root 99 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/26]
root 100 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/27]
root 101 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/28]
root 102 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/29]
root 103 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/30]
root 104 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/31]
root 105 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/32]
root 106 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/33]
root 107 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/34]
root 108 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/35]
root 109 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/36]
root 110 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/37]
root 111 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/38]
root 112 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/39]
root 113 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/40]
root 114 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/41]
root 115 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/42]
root 116 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/43]
root 117 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/44]
root 118 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/45]
root 119 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/46]
root 120 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/47]
root 121 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/48]
root 122 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/49]
root 123 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/50]
root 124 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/51]
root 125 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/52]
root 126 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/53]
root 127 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/54]
root 128 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/55]
root 129 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/56]
root 130 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/57]
root 131 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/58]
root 132 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/59]
root 133 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/60]
root 134 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/61]
root 135 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/62]
root 136 0.0 0.0 0 0 ? S 09:27 0:00 [rcuob/63]
root 137 0.0 0.0 0 0 ? S 09:27 0:00 [migration/0]
root 138 0.0 0.0 0 0 ? S 09:27 0:00 [watchdog/0]
root 139 0.0 0.0 0 0 ? S 09:27 0:00 [watchdog/1]
root 140 0.0 0.0 0 0 ? S 09:27 0:00 [migration/1]
root 141 0.0 0.0 0 0 ? S 09:27 0:00 [ksoftirqd/1]
root 143 0.0 0.0 0 0 ? S< 09:27 0:00 [kworker/1:0H]
root 144 0.0 0.0 0 0 ? S< 09:27 0:00 [khelper]
root 145 0.0 0.0 0 0 ? S 09:27 0:00 [kdevtmpfs]
root 146 0.0 0.0 0 0 ? S< 09:27 0:00 [netns]
root 147 0.0 0.0 0 0 ? S 09:27 0:00 [khungtaskd]
root 148 0.0 0.0 0 0 ? S< 09:27 0:00 [writeback]
root 149 0.0 0.0 0 0 ? SN 09:27 0:00 [ksmd]
root 150 0.0 0.0 0 0 ? SN 09:27 0:00 [khugepaged]
root 151 0.0 0.0 0 0 ? S< 09:27 0:00 [crypto]
root 152 0.0 0.0 0 0 ? S< 09:27 0:00 [kintegrityd]
root 153 0.0 0.0 0 0 ? S< 09:27 0:00 [bioset]
root 154 0.0 0.0 0 0 ? S< 09:27 0:00 [kblockd]
root 155 0.0 0.0 0 0 ? S< 09:27 0:00 [ata_sff]
root 156 0.0 0.0 0 0 ? S 09:27 0:00 [khubd]
root 157 0.0 0.0 0 0 ? S< 09:27 0:00 [md]
root 158 0.0 0.0 0 0 ? S< 09:27 0:00 [devfreq_wq]
root 159 0.0 0.0 0 0 ? S 09:27 0:00 [kworker/u128:1]
root 160 0.0 0.0 0 0 ? S 09:27 0:00 [kworker/0:1]
root 161 0.0 0.0 0 0 ? S 09:27 0:00 [kworker/1:1]
root 163 0.0 0.0 0 0 ? S 09:27 0:00 [kswapd0]
root 164 0.0 0.0 0 0 ? S 09:27 0:00 [fsnotify_mark]
root 165 0.0 0.0 0 0 ? S 09:27 0:00 [ecryptfs-kthrea]
root 177 0.0 0.0 0 0 ? S< 09:27 0:00 [kthrotld]
root 178 0.0 0.0 0 0 ? S< 09:27 0:00 [acpi_thermal_pm]
root 179 0.0 0.0 0 0 ? S 09:27 0:00 [scsi_eh_0]
root 180 0.0 0.0 0 0 ? S< 09:27 0:00 [scsi_tmf_0]
root 181 0.0 0.0 0 0 ? S 09:27 0:00 [scsi_eh_1]
root 182 0.0 0.0 0 0 ? S< 09:27 0:00 [scsi_tmf_1]
root 184 0.0 0.0 0 0 ? S< 09:27 0:00 [ipv6_addrconf]
root 185 0.0 0.0 0 0 ? S 09:27 0:00 [kworker/0:2]
root 186 0.0 0.0 0 0 ? S 09:27 0:00 [kworker/u128:3]
root 205 0.0 0.0 0 0 ? S< 09:27 0:00 [deferwq]
root 206 0.0 0.0 0 0 ? S< 09:27 0:00 [charger_manager]
root 250 0.0 0.0 0 0 ? S< 09:27 0:00 [kpsmoused]
root 251 0.0 0.0 0 0 ? S< 09:27 0:00 [hv_vmbus_con]
root 253 0.0 0.0 0 0 ? S< 09:27 0:00 [hv_vmbus_ctl]
root 256 0.0 0.0 0 0 ? S< 09:27 0:00 [hv_vmbus_ctl]
root 258 0.0 0.0 0 0 ? S< 09:27 0:00 [hv_vmbus_ctl]
root 259 0.0 0.0 0 0 ? S< 09:27 0:00 [hv_vmbus_ctl]
root 260 0.0 0.0 0 0 ? S< 09:27 0:00 [hv_vmbus_ctl]
root 261 0.0 0.0 0 0 ? S< 09:27 0:00 [hv_vmbus_ctl]
root 262 0.0 0.0 0 0 ? S< 09:27 0:00 [hv_vmbus_ctl]
root 263 0.0 0.0 0 0 ? S< 09:27 0:00 [hv_vmbus_ctl]
root 264 0.0 0.0 0 0 ? S< 09:27 0:00 [hv_vmbus_ctl]
root 265 0.0 0.0 0 0 ? S< 09:27 0:00 [hv_vmbus_ctl]
root 266 0.0 0.0 0 0 ? S< 09:27 0:00 [hv_vmbus_ctl]
root 267 0.0 0.0 0 0 ? S< 09:27 0:00 [hv_vmbus_ctl]
root 268 0.0 0.0 0 0 ? S< 09:27 0:00 [kworker/0:1H]
root 269 0.0 0.0 0 0 ? S 09:27 0:00 [scsi_eh_2]
root 270 0.0 0.0 0 0 ? S< 09:27 0:00 [scsi_tmf_2]
root 280 0.0 0.0 0 0 ? S 09:27 0:00 [jbd2/sda1-8]
root 281 0.0 0.0 0 0 ? S< 09:27 0:00 [ext4-rsv-conver]
root 287 0.0 0.0 0 0 ? S< 09:27 0:00 [hv_vmbus_ctl]
root 288 0.0 0.0 0 0 ? S 09:27 0:00 [kworker/1:2]
root 414 0.0 0.0 19612 2000 ? S 09:27 0:00 upstart-udev-bridge --daemon
root 419 0.0 0.1 51648 3752 ? Ss 09:27 0:00 /lib/systemd/systemd-udevd --daemon
message+ 511 0.0 0.1 39232 2496 ? Ss 09:27 0:00 dbus-daemon --system --fork
syslog 563 0.0 0.1 255848 2952 ? Ssl 09:27 0:00 rsyslogd
root 581 0.0 0.1 43456 3244 ? Ss 09:27 0:00 /lib/systemd/systemd-logind
root 888 0.0 0.1 15936 2444 ? S 09:27 0:00 upstart-file-bridge --daemon
root 891 0.0 0.0 15660 2012 ? S 09:27 0:00 upstart-socket-bridge --daemon
root 927 0.0 0.1 15824 2064 tty4 Ss+ 09:27 0:00 /sbin/getty -8 38400 tty4
root 930 0.0 0.0 15824 2016 tty5 Ss+ 09:27 0:00 /sbin/getty -8 38400 tty5
root 938 0.0 0.1 15824 2072 tty2 Ss+ 09:27 0:00 /sbin/getty -8 38400 tty2
root 940 0.0 0.1 15824 2064 tty3 Ss+ 09:27 0:00 /sbin/getty -8 38400 tty3
root 948 0.0 0.0 15824 2024 tty6 Ss+ 09:27 0:00 /sbin/getty -8 38400 tty6
root 987 0.0 0.2 61376 5356 ? Ss 09:27 0:00 /usr/sbin/sshd -D
dhcpd 988 0.0 0.3 17644 6248 ? Ss 09:27 0:00 dhcpd -user dhcpd -group dhcpd -f -q -4 -pf /run/dhcp-server/dhcpd.pid -cf /etc/dhcp/dhcpd.conf
root 1000 0.0 0.0 4372 1560 ? Ss 09:27 0:00 acpid -c /etc/acpi/events -s /var/run/acpid.socket
daemon 1010 0.0 0.0 19144 164 ? Ss 09:27 0:00 atd
root 1011 0.0 0.1 23660 2252 ? Ss 09:27 0:00 cron
root 1017 0.0 0.0 15132 168 ? Ss 09:27 0:00 /usr/sbin/in.tftpd --listen --user tftp --address 0.0.0.0:69 --secure -m /etc/tftpd.map /var/li
root 1044 0.0 0.0 0 0 ? S< 09:27 0:00 [kworker/1:1H]
root 1053 0.0 0.1 19196 2196 ? Ss 09:27 0:00 /usr/sbin/irqbalance
root 1076 0.0 0.0 15824 2024 tty1 Ss+ 09:27 0:00 /sbin/getty -8 38400 tty1
root 1137 0.0 0.3 105644 6480 ? Ss 09:30 0:00 sshd: kitet [priv]
root 1139 0.0 0.0 0 0 ? S 09:30 0:00 [kauditd]
kitet 1186 0.0 0.1 105644 3504 ? R 09:30 0:00 sshd: kitet@pts/0
kitet 1187 0.0 0.2 22592 5388 pts/0 Ss 09:30 0:00 -bash
bind 1221 0.0 1.1 245200 23888 ? Ssl 09:31 0:00 /usr/sbin/named -4 -u bind
root 1240 0.0 0.0 0 0 ? S 09:32 0:00 [kworker/u128:2]
kitet 1249 0.0 0.1 18452 2628 pts/0 R+ 09:35 0:00 ps -uax
EDIT2: ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:15:5d:00:e6:02
inet addr:192.168.0.233 Bcast:192.168.0.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:22006 errors:0 dropped:0 overruns:0 frame:0
TX packets:6771 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2076222 (2.0 MB) TX bytes:719723 (719.7 KB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:86 errors:0 dropped:0 overruns:0 frame:0
TX packets:86 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:7003 (7.0 KB) TX bytes:7003 (7.0 KB)