Operating Systems Linux Red Hat Help: Find established conn source Post 302620883 by Shirishlnx on Monday 9th of April 2012 12:23:44 PM
Old 04-09-2012
Help: Find established conn source

Hi Friends,

On one of my servers, which has a direct connection to the internet without a firewall, I am seeing an established connection with SSH. I don't understand how: there is no login, but I can see this established connection.

## I have hidden the original IPs with the notations below for security reasons.
My-IP: A.B.C.Z
Unknown-IP: W.X.Y.Z


Code:
# netstat -antpu | grep -i  W.X.
tcp        0      1 A.B.C.Z:38726          W.X.Y.Z:6667         ESTABLISHED    8997/sshd

After that I blindly restricted access as below:

Code:
# vi /etc/hosts.deny
sshd,sshdfwd-X11:ALL
*:W.X.Y.Z
# vi  /etc/hosts.allow
sshd,sshdfwd-X11:  A.B.C.

## Set the iptables rules below
Code:
# iptables -A INPUT -s W.X.Y.Z  -j DROP
# iptables -A OUTPUT -d W.X.Y.Z -j DROP
# service iptables save

# Now I can see the below connection with W.X.Y.Z
Code:
# netstat -antpu | grep -i W.X
tcp        0      1 A.B.C.Z:25631          W.X.Y.Z:6667          SYN_SENT    8997/sshd

Many times I have killed this connection by killing the above PID, and after 1-2 minutes it again establishes a connection over port 666*, which is listed as below in my services file:
Code:
ircu-3          6667/tcp        ircd    # IRCU
ircu-3          6667/udp        ircd    # IRCU

As per my understanding, some process on my system is trying to send packets to this W.X.Y.Z IP and is waiting for an ACK response; that is this SYN_SENT.

Please help me find the root cause: how can I find which process/software is trying to establish a connection to this IP (W.X.Y.Z), and how can I block it fully?

--Shirish Shukla
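
The check the post asks about, as an added example that is not part of the original post: it reads `netstat -antp` text, flags TCP sockets whose local port is not a listening port (connections the host itself initiated), and resolves an owning PID to its real binary through `/proc`. The function names, the sample rows and the 192.0.2.x / 198.51.100.x / 203.0.113.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example. SAMPLE is constructed netstat -antp output, not data from the post.
SAMPLE='Proto Recv-Q Send-Q Local Address      Foreign Address      State       PID/Program name
tcp        0      0 0.0.0.0:22         0.0.0.0:*            LISTEN      1201/sshd
tcp        0      0 192.0.2.10:22      203.0.113.7:50122    ESTABLISHED 4410/sshd
tcp        0      1 192.0.2.10:38726   198.51.100.23:6667   SYN_SENT    8997/sshd'

# outbound_sockets (hypothetical name): read netstat -antp text on stdin and print
# "pid program state remote" for TCP rows whose local port nothing is listening on.
outbound_sockets() {
    awk '
        $1 !~ /^tcp/ { next }                      # skip headers and UDP rows
        {
            n = split($4, l, ":"); lport = l[n]     # last field also handles IPv6
            rows[++cnt] = $0; port[cnt] = lport
            if ($6 == "LISTEN") listening[lport] = 1
        }
        END {
            for (i = 1; i <= cnt; i++) {
                split(rows[i], f, " ")
                if (f[6] == "LISTEN" || (port[i] in listening)) continue
                split(f[7], p, "/")                 # "PID/Program name" column
                if (p[1] == "") p[1] = "-"          # netstat run without root
                print p[1], p[2], f[6], f[5]
            }
        }'
}

# describe_pid (hypothetical name): show what a PID really is, independent of the
# name it displays in netstat or ps. Returns 1 if the process has already exited.
describe_pid() {
    pid=$1
    [ -d "/proc/$pid" ] || { echo "pid $pid: no such process" >&2; return 1; }
    exe=$(readlink "/proc/$pid/exe" 2>/dev/null)    # real on-disk binary
    cmd=$(tr '\0' ' ' < "/proc/$pid/cmdline" 2>/dev/null)
    ppid=$(awk '/^PPid:/ {print $2}' "/proc/$pid/status")
    uid=$(awk '/^Uid:/ {print $2}' "/proc/$pid/status")
    echo "pid=$pid ppid=$ppid uid=$uid exe=${exe:-unreadable} cmdline=$cmd"
    case $exe in *"(deleted)"*) echo "  note: binary was deleted after start" ;; esac
}

# On a live host, as root:
#   netstat -antp | outbound_sockets | while read -r pid prog state remote; do
#       describe_pid "$pid"; done
printf '%s\n' "$SAMPLE" | outbound_sockets
```

A row reported as `sshd` whose `exe` is not the distribution's sshd binary, or whose parent PID is not the listening sshd, points at a process that only borrows the name; a genuine sshd child can also open outbound connections when a client requests TCP forwarding.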
 

libssh2_channel_direct_tcpip_ex(3)				  libssh2 manual				libssh2_channel_direct_tcpip_ex(3)

NAME
libssh2_channel_direct_tcpip_ex - Tunnel a TCP connection through an SSH session

SYNOPSIS
#include <libssh2.h>

LIBSSH2_CHANNEL *
libssh2_channel_direct_tcpip_ex(LIBSSH2_SESSION *session, const char *host, int port, const char *shost, int sport);

LIBSSH2_CHANNEL *
libssh2_channel_direct_tcpip(LIBSSH2_SESSION *session, const char *host, int port);

DESCRIPTION
session - Session instance as returned by libssh2_session_init_ex(3)
host - Third party host to connect to using the SSH host as a proxy.
port - Port on third party host to connect to.
shost - Host to tell the SSH server the connection originated on.
sport - Port to tell the SSH server the connection originated from.

Tunnel a TCP/IP connection through the SSH transport via the remote host to a third party. Communication from the client to the SSH server remains encrypted, communication from the server to the 3rd party host travels in cleartext.

RETURN VALUE
Pointer to a newly allocated LIBSSH2_CHANNEL instance, or NULL on errors.

ERRORS
LIBSSH2_ERROR_ALLOC - An internal memory allocation call failed.

SEE ALSO
libssh2_session_init_ex(3)

libssh2 0.15				1 Jun 2007				libssh2_channel_direct_tcpip_ex(3)