On Thu, 2007-08-16 at 22:45 +0100, Paul Ward wrote:
> Hello,
>
> Can someone explain to me what the netstat command is showing on my server.
> Is mythtv making outgoing connections or are they incoming?
> Is this something to worry about?
>
> tcp  0     0 mythtv:49189 213.red-83-60-5:privatechat  ESTABLISHED
> tcp  0    17 mythtv:49189 151.125.226.200.in-add:4378  ESTABLISHED
> tcp  0     0 mythtv:49189 c-75-71-211-38.hsd1.c:vchat  ESTABLISHED
> tcp  0     0 mythtv:49189 dxb-as11957.alshamil:ka0wuc  ESTABLISHED
> tcp  0     0 mythtv:49189 cpc2-stkn3-0-0-cust288:stvp  ESTABLISHED
> tcp  0     0 mythtv:35177 151.66.160.74:35024          ESTABLISHED
> tcp  0     0 mythtv:49189 5ac32ed8.bb.sky.co:rt-event  ESTABLISHED
> tcp  0     0 mythtv:56264 mythtv:lds-distrib           TIME_WAIT
> tcp  0     0 mythtv:56263 mythtv:lds-distrib           TIME_WAIT
> tcp  0  2920 mythtv:49189 89-180-44-234.:discp-client  ESTABLISHED
> tcp  0     0 mythtv:49189 static-76-31-224-77:journee  ESTABLISHED
> tcp  0     0 mythtv:49189 c906d4e5.virtua.com.:n1-fwp  ESTABLISHED
> tcp  0     0 mythtv:49189 201.247.208.1:mkm-discovery  ESTABLISHED
> tcp  0     0 mythtv:49189 eu85-84-181-235.c:metaagent  ESTABLISHED
> tcp  0     0 mythtv:46102 bb-87-80-14-145.ukonl:23491  ESTABLISHED
> tcp  0     0 mythtv:49189 81.203.236.21.dyn.use:ff-sm  ESTABLISHED
> tcp  0     0 mythtv:49189 47.red-81-41:spw-dnspreload  ESTABLISHED
> tcp  0     0 mythtv:49189 acd15a0f.ipt.aol.com:57607   ESTABLISHED
> tcp  0     0 mythtv:49189 196.211.12.74:slc-systemlog  ESTABLISHED
> tcp  0     0 mythtv:49189 201-254-170-207.speedy:msmq  ESTABLISHED
> tcp  0     0 mythtv:49189 a88-114-123-113.elisa:61136  ESTABLISHED
> tcp  0     0 mythtv:49189 r190-64-194-173.dialup:3977  ESTABLISHED
> tcp  0     0 mythtv:49189 116.46.rev.vline:valisys-lm  ESTABLISHED

Sure looks like you got hacked. Someone's running a server on your
machine that a lot of people are connected to. It's listening on port
49189, so do a "netstat -lpn" and find which process that is and KILL
THE DAMNED THING.

You'd better do a rootkit scan while you're at it.

----------------------------------------------------------------------
- Rick Stevens, Principal Engineer             rstevens@xxxxxxxxxxxx -
- CDN Systems, Internap, Inc.                http://www.internap.com -
-                                                                    -
-            To iterate is human, to recurse, divine.                -
----------------------------------------------------------------------
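
Added example, not part of the original message or written by its author: a shell sketch of the check the reply describes, matching the local port of each ESTABLISHED connection against the LISTEN sockets from "netstat -lpn" to tell inbound from outbound and to name the owning process. The function names, addresses, PIDs and the program name "example-proc" are constructed for illustration.

```shell
#!/bin/sh
# Added example. All addresses, PIDs and program names below are constructed.
# On a live host: netstat -lpnt > listen (as root) and netstat -tn > conns

sample_listeners() {   # constructed stand-in for `netstat -lpnt` output
cat <<'EOF'
tcp   0   0 0.0.0.0:49189     0.0.0.0:*           LISTEN      2714/example-proc
tcp   0   0 0.0.0.0:22        0.0.0.0:*           LISTEN      1801/sshd
EOF
}

sample_conns() {       # constructed stand-in for `netstat -tn` output
cat <<'EOF'
tcp   0   0 192.0.2.10:49189  198.51.100.7:5050   ESTABLISHED
tcp   0  17 192.0.2.10:49189  198.51.100.23:4378  ESTABLISHED
tcp   0   0 192.0.2.10:49189  203.0.113.5:61136   ESTABLISHED
tcp   0   0 192.0.2.10:49189  203.0.113.88:3977   ESTABLISHED
tcp   0   0 192.0.2.10:35177  203.0.113.40:35024  ESTABLISHED
tcp   0   0 192.0.2.10:56264  192.0.2.10:6543     TIME_WAIT
EOF
}

# summarize LISTEN_FILE CONN_FILE
# One line per local port: port, connection count, direction, owning process.
# Heuristic: a connection is inbound when its local port also has a LISTEN socket.
summarize() {
    awk '
        FILENAME == ARGV[1] {
            if ($6 == "LISTEN") { n = split($4, a, ":"); owner[a[n]] = $7 }
            next
        }
        $6 == "ESTABLISHED" { n = split($4, a, ":"); count[a[n]]++ }
        END {
            for (p in count) {
                if (p in owner) print p, count[p], "inbound", owner[p]
                else            print p, count[p], "outbound", "-"
            }
        }
    ' "$1" "$2" | sort -k2,2nr -k1,1n
}

demo() {
    d=$(mktemp -d) || return 1
    sample_listeners > "$d/listen"
    sample_conns > "$d/conns"
    summarize "$d/listen" "$d/conns"
    rm -rf "$d"
}
demo
```

A port that shows many inbound connections and an owner you do not recognise is the one to investigate; without root, netstat prints "-" in the PID/Program column for sockets owned by other users.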