Help: Find established conn source
Old 04-09-2012

Hi Friends,

On one of my servers, which has a direct connection to the internet without a firewall, I am seeing an established connection with SSH. I am not getting how; there is no login, but I can see this established connection.

## I have hidden the original IPs with the notations below for security concerns.
My-IP: A.B.C.Z
Unknown-IP: W.X.Y.Z


Code:
# netstat -antpu | grep -i  W.X.
tcp        0      1 A.B.C.Z:38726          W.X.Y.Z:6667         ESTABLISHED    8997/sshd

After that I have blindly restricted the access as below.

Code:
# vi /etc/hosts.deny
sshd,sshdfwd-X11:ALL
*:W.X.Y.Z
# vi  /etc/hosts.allow
sshd,sshdfwd-X11:  A.B.C.

## Set below iptables
Code:
# iptables -A INPUT -s W.X.Y.Z  -j DROP
# iptables -A OUTPUT -d W.X.Y.Z -j DROP
# service iptables save

# Now I can see the below connection with W.X.Y.Z
Code:
# netstat -antpu | grep -i W.X
tcp        0      1 A.B.C.Z:25631          W.X.Y.Z:6667          SYN_SENT    8997/sshd

Many times I have killed this connection by killing the above PID, and after 1-2 minutes it again establishes a connection over port 666*, which is listed as below in my services file:
Code:
ircu-3          6667/tcp        ircd    # IRCU
ircu-3          6667/udp        ircd    # IRCU

As per my understanding, some process on my system is trying to send packets to this W.X.Y.Z IP and is waiting for an ACK response; that is this SYN_SENT.

Please help me find the root cause: how can I find which process/software is trying to establish a connection to this IP (W.X.Y.Z), and how can I block it fully?

--Shirish Shukla
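An added example (not from the post or the forum): a POSIX shell script that reads /proc/net/tcp and /proc/PID/fd directly, so the answer does not depend on a netstat or ps that may have been replaced, and then shows the exe link, cwd and cmdline of the owning process. A process that reports itself as "sshd" but whose exe link is not the packaged /usr/sbin/sshd (or shows "(deleted)") is the thing to look at; on Red Hat, "rpm -V openssh-server" confirms whether the real binary is intact. Assumes Linux with /proc mounted and root privileges to read other users' file descriptors.

```shell
#!/bin/sh
# Added example: which process owns a TCP connection to a given remote host?
# Usage: sh findconn.sh W.X.Y.Z        (or W.X.Y.Z:6667 to match one port)

# /proc/net/tcp stores addresses as little-endian hex ("0100007F:1A0B");
# turn that into "127.0.0.1:6667".
hex_to_addr() {
    ip=${1%%:*}; port=${1##*:}
    printf '%d.%d.%d.%d:%d' "0x$(echo "$ip" | cut -c7-8)" "0x$(echo "$ip" | cut -c5-6)" \
        "0x$(echo "$ip" | cut -c3-4)" "0x$(echo "$ip" | cut -c1-2)" "0x$port"
}

tcp_state() {
    case $1 in 01) echo ESTABLISHED;; 02) echo SYN_SENT;; 0A) echo LISTEN;; *) echo "state_$1";; esac
}

# Parse one /proc/net/tcp row; print "remote state inode" when the remote
# side matches WANT (an IP, or IP:port), print nothing otherwise.
match_line() {
    want=$1; set -- $2
    addr=$(hex_to_addr "$3")
    case $addr in "$want"|"$want":*) printf '%s %s %s\n' "$addr" "$(tcp_state "$4")" "${10}";; esac
}

# Walk every /proc/PID/fd looking for the socket inode; print the PID.
inode_to_pid() {
    for fd in /proc/[0-9]*/fd/*; do
        if [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ]; then
            echo "$fd" | cut -d/ -f3; return 0
        fi
    done
    return 1
}

# The check that matters: a process calling itself "sshd" whose exe link,
# cwd or cmdline does not look like the packaged sshd is not sshd.
describe_pid() {
    printf '  exe=%s cwd=%s\n  cmdline=%s\n' "$(readlink "/proc/$1/exe")" \
        "$(readlink "/proc/$1/cwd")" "$(tr '\0' ' ' < "/proc/$1/cmdline")"
}

find_conn() {
    target=$1
    tail -n +2 /proc/net/tcp | while read -r row; do
        out=$(match_line "$target" "$row"); [ -n "$out" ] || continue
        set -- $out
        pid=$(inode_to_pid "$3") || pid='?'
        printf 'remote=%s state=%s inode=%s pid=%s\n' "$1" "$2" "$3" "$pid"
        [ "$pid" = '?' ] || describe_pid "$pid"
    done
}

if [ $# -ge 1 ]; then find_conn "$1"; fi
```

Run it while the SYN_SENT or ESTABLISHED entry is present; for IPv6 peers read /proc/net/tcp6 the same way. A hit with no PID usually means the socket belongs to a process you cannot read (run as root) or is already closing.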