Help: Find established conn source
Post 302620883 by Shirishlnx on Monday 9th of April 2012 12:23:44 PM

Hi Friends,

On one of my servers, which has a direct connection to the internet without a firewall, I am seeing an established connection with SSH. I am not getting how: there is no login, but I can see this established connection.

## I have hidden the original IPs with the notations below for security concerns.
My-IP: A.B.C.Z
Unknown-IP: W.X.Y.Z


Code:
# netstat -antpu | grep -i  W.X.
tcp        0      1 A.B.C.Z:38726          W.X.Y.Z:6667         ESTABLISHED    8997/sshd

After that I restricted the access blindly, as below:

Code:
# vi /etc/hosts.deny
sshd,sshdfwd-X11:ALL
*:W.X.Y.Z
# vi  /etc/hosts.allow
sshd,sshdfwd-X11:  A.B.C.

## Set the iptables rules below
Code:
# iptables -A INPUT -s W.X.Y.Z  -j DROP
# iptables -A OUTPUT -d W.X.Y.Z -j DROP
# service iptables save

# Now I can see the connection below with W.X.Y.Z
Code:
# netstat -antpu | grep -i W.X
tcp        0      1 A.B.C.Z:25631          W.X.Y.Z:6667          SYN_SENT    8997/sshd

Many times I have killed this connection by killing the above PID, and after 1-2 minutes it again establishes a connection over port 666*, which is listed as below in my services file:
Code:
ircu-3          6667/tcp        ircd    # IRCU
ircu-3          6667/udp        ircd    # IRCU

As per my understanding, some process on my system is trying to send packets to this W.X.Y.Z IP and is waiting for an ACK response; that is this SYN_SENT.

Please help me find the root cause: how can I find which process/software is trying to establish a connection to this IP (W.X.Y.Z), and how can I block it fully?

--Shirish Shukla
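
An added example, not part of the original post: one way to approach the question above is to take the PID from the netstat line and read what /proc records for it (binary path, working directory, parent process, owner), because the program-name column alone does not say which file is running. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample, in the format of the netstat output quoted in the post.
SAMPLE='tcp        0      1 A.B.C.Z:25631          W.X.Y.Z:6667          SYN_SENT    8997/sshd
tcp        0      0 A.B.C.Z:22             A.B.C.9:51514         ESTABLISHED 1201/sshd'

# pids_for_remote PREFIX
# Reads `netstat -antpu` lines on stdin and prints the unique PIDs whose
# foreign address (column 5) starts with PREFIX. Rows without a PID ("-",
# shown when netstat is not run as root) are skipped.
pids_for_remote() {
    awk -v r="$1" 'index($5, r) == 1 && $NF ~ /^[0-9]+\// {
        split($NF, a, "/"); print a[1]
    }' | sort -un
}

# proc_facts PID
# Prints the /proc entries that identify the process: the binary actually
# loaded (exe), where it was started (cwd), its arguments, parent and owner.
# An exe path outside the package's install location, or one ending in
# " (deleted)", means the name in the netstat column should not be trusted.
proc_facts() {
    p="/proc/$1"
    [ -d "$p" ] || { echo "pid $1 is gone (possibly respawned under a new PID)"; return 1; }
    echo "exe=$(readlink "$p/exe" 2>/dev/null)"
    echo "cwd=$(readlink "$p/cwd" 2>/dev/null)"
    echo "cmdline=$(tr '\0' ' ' < "$p/cmdline")"
    echo "ppid=$(awk '/^PPid:/ {print $2}' "$p/status")"
    echo "uid=$(awk '/^Uid:/ {print $2}' "$p/status")"
}

# Live use, as root, with the remote address prefix as the only argument.
if [ $# -ge 1 ]; then
    netstat -antpu 2>/dev/null | pids_for_remote "$1" |
        while read -r pid; do echo "== $pid"; proc_facts "$pid"; done
fi
```

Because the connection in the post comes back 1-2 minutes after the PID is killed, the `ppid` value is the next thing to follow: repeating `proc_facts` on the parent shows what restarts the process.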