Strange process, what to do next

    • #4458
      Anonymous
      Participant

      Hello guys, I’ve found that a Fedora Core 5 server, kernel 2.6.15-1.2054_FC5, is doing port scans, and we have received complaints about that. The strange connection that I’ve found is this one:

      Netstat output:

      tcp        0     65 192.168.200.8:45436         194.109.20.90:6669          ESTABLISHED 1925/bash

      Every time that I kill the process, it gets connected again in 30 secs, so I’ve done this:

      IPTABLES ACTION:

      2. I’ve done this on the server as a countermeasure


      iptables -A OUTPUT -d 194.109.20.0/24 -j DROP

      Thanks a lot for your advice

    • #28010
      Ketchup
      Participant

      This port has some associations with known remote control utilities. What does netstat -antp say the process using this port is? In short, it looks like your box may have gotten owned. Any chance you can decommission it and reinstall the OS?

    • #28011
      3PIL0GU3
      Participant

      Have you got a hardware-based firewall or an IDS, i.e. Snort, installed?

    • #28012
      Anonymous
      Participant

      Nope, nothing new installed
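
The check the thread revolves around (which process owns the outbound connection in `netstat -antp` output), as an added triage example that is not part of the original posts. The list of shell names, the function names and all sample rows except the first (which is the line quoted in the thread) are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: program names that should not own a long-lived outbound socket.
SHELLS = {"bash", "sh", "dash", "zsh", "ksh", "csh", "tcsh"}
# IANA-registered IRC ports (ircu 6665-6669, ircs-u 6697).
IRC_PORTS = set(range(6665, 6670)) | {6697}

# First row is the line from the thread; the other rows are constructed.
SAMPLE = """\
tcp        0     65 192.168.200.8:45436         194.109.20.90:6669          ESTABLISHED 1925/bash
tcp        0      0 0.0.0.0:22                  0.0.0.0:*                   LISTEN      1402/sshd
tcp        0      0 192.168.200.8:22            192.168.200.50:51514        ESTABLISHED 2210/sshd: admin
tcp        0      0 192.168.200.8:39122         192.168.200.1:53            TIME_WAIT   -
"""

def parse_line(line):
    """Return a dict for one `netstat -antp` TCP row, or None for any other line."""
    parts = line.split(None, 6)
    if len(parts) < 6 or not parts[0].startswith("tcp"):
        return None
    host, _, port = parts[4].rpartition(":")
    owner = parts[6].strip() if len(parts) > 6 else "-"
    pid, _, prog = owner.partition("/")
    return {"remote": host, "rport": port, "state": parts[5],
            "pid": pid if pid.isdigit() else None, "prog": prog.split(":")[0].strip()}

def suspicious(text):
    """List established connections from a shell process to a public address."""
    findings = []
    for line in text.splitlines():
        row = parse_line(line)
        if not row or row["state"] != "ESTABLISHED" or row["prog"] not in SHELLS:
            continue
        try:
            addr = ipaddress.ip_address(row["remote"])
        except ValueError:
            continue  # wildcard or unparsable remote address
        if addr.is_private or addr.is_loopback:
            continue
        reasons = ["shell owns outbound socket to public address"]
        if row["rport"].isdigit() and int(row["rport"]) in IRC_PORTS:
            reasons.append("remote port is a registered IRC port")
        findings.append((row["pid"], row["prog"], f'{row["remote"]}:{row["rport"]}', reasons))
    return findings

if __name__ == "__main__":
    for finding in suspicious(SAMPLE):
        print(finding)
```

The program column in netstat is the process name, which a process can set itself, so a hit should be followed by checking what `/proc/<pid>/exe` actually points to.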


Copyright ©2020 Caendra, Inc.
