Server 10.0 sending a lot of packs.
Good morning
I have a linux 9.3 and experienced that sometimes it starts to send a lot of packs. I can not find the process doing that. Now I upgraded to 10.0 and it is doing the same thing, and my net is overloaded then. I hope to find what is doing this, a way is to make a new installation, but then I could get the same again a time.
I experience some sh processes in defunct, and some syslogd with some process time.
I hope that someone could guide me to find this stupid thing
Regards Tage
On Friday 15 September 2006 22:03, Tage Danielsen wrote:
Good morning
I have a linux 9.3 and experienced that sometimes it starts to send a lot of packs. I can not find the process doing that. Now I upgraded to 10.0 and it is doing the same thing, and my net is overloaded then. I hope to find what is doing this, a way is to make a new installation, but then I could get the same again a time.
I suggest running netstat -anp as root to see where these packets might be going, and also what process is sending them.
-- _____________________________________ John Andersen
I have a linux 9.3 and experienced that sometimes it starts to send a lot of packs. I can not find the process doing that. Now I upgraded to 10.0 and it is doing the same thing, and my net is overloaded then. I hope to find what is doing this, a way is to make a new installation, but then I could get the same again a time.
I suggest running netstat -anp as root to see where these packets might be going, and also what process is sending them.
-- _____________________________________ John Andersen
Here comes the result. I found that the address 84.244.13.197 is sending me a lot of control packs. And now I am sending a mill. packs to 200.42.96.36
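The `netstat -anp` check suggested above, turned into a small triage script (an added example, not part of the original thread): it parses the tcp/udp rows and reports program names whose outbound sockets look out of place. The sample rows are constructed with documentation-range remote addresses, and the three heuristics (a bracketed program name, several PIDs sharing one remote endpoint, a remote port of 6667) are assumptions of this example.

```python
from collections import defaultdict

# Constructed sample in the layout of `netstat -anp` (documentation-range
# remote addresses; these rows are not the output posted in the thread).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:25 0.0.0.0:* LISTEN 6394/master
tcp 0 0 :::80 :::* LISTEN 6990/httpd2-prefork
tcp 0 156 10.10.10.240:38386 192.0.2.10:4444 ESTABLISHED 8809/[syslogd]
tcp 0 1 10.10.10.240:38441 192.0.2.10:4444 SYN_SENT 8923/[syslogd]
tcp 0 157 10.10.10.240:38425 192.0.2.10:4444 LAST_ACK -
tcp 0 368 10.10.10.240:46369 198.51.100.7:6667 ESTABLISHED 12617/[syslogd]
tcp 1 0 10.10.10.240:80 203.0.113.5:43620 CLOSE_WAIT 7958/httpd2-prefork
udp 0 0 0.0.0.0:35116 0.0.0.0:* 13500/[syslogd]
udp 0 0 10.10.10.240:35138 198.51.100.53:53 ESTABLISHED 6127/nscd
"""

IRC_PORTS = {"6667"}  # assumption of this example: conventional IRC port


def parse(text):
    """Turn the tcp/udp rows of `netstat -anp` into dicts."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 5 or not f[0].startswith(("tcp", "udp")):
            continue  # headers, UNIX-socket rows, blank lines
        rest = f[5:]
        state = ""
        # UDP rows usually have no State column; the owner column is
        # either "-" or "PID/name", so anything else here is the state.
        if rest and "/" not in rest[0] and rest[0] != "-":
            state, rest = rest[0], rest[1:]
        pid, sep, name = " ".join(rest).partition("/")
        rhost, rport = f[4].rsplit(":", 1)
        rows.append({
            "proto": f[0][:3], "lport": f[3].rsplit(":", 1)[1],
            "remote": f"{rhost}:{rport}", "rport": rport, "state": state,
            "pid": pid if sep else None, "name": name if sep else None,
        })
    return rows


def triage(text):
    """Return {program name: [reasons]} for outbound sockets worth a look."""
    rows = parse(text)
    # Ports this host serves: traffic on them is not an outbound connection.
    served = {(r["proto"], r["lport"]) for r in rows
              if r["state"] == "LISTEN" or r["rport"] == "*"}
    remotes = defaultdict(lambda: defaultdict(set))  # name -> remote -> PIDs
    for r in rows:
        if r["name"] is None or r["rport"] == "*":
            continue  # no owner shown, or a listener
        if (r["proto"], r["lport"]) in served:
            continue  # client talking to a service this host offers
        remotes[r["name"]][r["remote"]].add(r["pid"])
    findings = {}
    for name, per_remote in remotes.items():
        reasons = []
        if name.startswith("[") and name.endswith("]"):
            reasons.append("bracketed name holds outbound sockets")
        for remote, pids in sorted(per_remote.items()):
            if len(pids) > 1:
                reasons.append(f"{len(pids)} PIDs connect to {remote}")
            if remote.rsplit(":", 1)[1] in IRC_PORTS:
                reasons.append(f"IRC port at {remote}")
        if reasons:
            findings[name] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE).items():
        print(name, "->", "; ".join(reasons))
```

On a live host the input would be the saved output of `netstat -anp` run as root; each flagged PID can then be checked against `/proc/<pid>/exe` and `/proc/<pid>/cwd` to see which binary and directory it really runs from.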
On Friday 15 September 2006 23:46, Tage Danielsen wrote:
I have a linux 9.3 and experienced that sometimes it starts to send a lot of packs. I can not find the process doing that. Now I upgraded to 10.0 and it is doing the same thing, and my net is overloaded then. I hope to find what is doing this, a way is to make a new installation, but then I could get the same again a time.
I suggest running netstat -anp as root to see where these packets might be going, and also what process is sending them.
-- _____________________________________ John Andersen
Here comes the result. I found that the address 84.244.13.197 is sending me a lot of control packs.
And now I am sending a mill. packs to 200.42.96.36
linux:~ # netstat -anp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
---trimmed
tcp 0 156 10.10.10.240:38386 84.244.13.197:4444 ESTABLISHED 8809/[syslogd]
tcp 0 157 10.10.10.240:38425 84.244.13.197:4444
Very weird, the first is Lycos Europe, the second is Prima S.A. in Buenos Aires
Implications are that you have Kerberos v5 installed and active.
-- _____________________________________ John Andersen
On Friday 15 September 2006 23:46, Tage Danielsen wrote:
I have a linux 9.3 and experienced that sometimes it starts to send a lot of packs. I can not find the process doing that. Now I upgraded to 10.0
linux:~ # netstat -anp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:904 0.0.0.0:* LISTEN
Whoa, missed that one above...
Are you running Vmware Server in this machine? Are you running Windows in vmware? If so, is it using bridged virtual nics?
-- _____________________________________ John Andersen
On Saturday 16 September 2006 08:03, Tage Danielsen wrote:
Good morning
I have a linux 9.3 and experienced that sometimes it starts to send a lot of packs. I can not find the process doing that. Now I upgraded to 10.0 and it is doing the same thing, and my net is overloaded then. I hope to find what is doing this, a way is to make a new installation, but then I could get the same again a time.
Install and run ntopd, it is included in both 9.3 and 10.0 (and 10.1 too, for that matter)
it will give you a nice presentation of your network traffic
If you run it on your desktop machine, point your browser to http://localhost:3000 once it's running, and view the stats
Install and run ntopd, it is included in both 9.3 and 10.0 (and 10.1 too, for that matter)
it will give you a nice presentation of your network traffic
If you run it on your desktop machine, point your browser to http://localhost:3000 once it's running, and view the stats
It is installed, but no response on that address, and I have now put a line in /etc/hosts.deny syslogd deny except local
I hope we find the hole
/tage
Good morning
I have a linux 9.3 and experienced that sometimes it starts to send a lot of packs. I can not find the process doing that. Now I upgraded to 10.0 and it is doing the same thing, and my net is overloaded then. I hope to find what is doing this, a way is to make a new installation, but then I could get the same again a time.
I experience some sh processes in defunct, and some syslogd with some process time.
I hope that someone could guide me to find this stupid thing
Regards Tage
Hello
I sent this mail in the morning, and I found the hole, it was not Suse linux that was insecure!!! And that was important to me to know, it was some of the components in Mambo in one of the websites. I will say thanks for the help all did for me to find the problem, so we can all use Suse and feel secure.
Thanks
Tage
* Tage Danielsen
I sent this mail in the morning, and I found the hole, it was not Suse linux that was insecure!!! And that was important to me to know, it was some of the components in Mambo in one of the websites. I will say thanks for the help all did for me to find the problem, so we can all use Suse and feel secure.
Well, gee. Please don't tell us what it was. I'm sure that no one is interested or may have a similar problem happen.
-- Patrick Shanahan Registered Linux User #207535 http://wahoo.no-ip.org @ http://counter.li.org HOG # US1244711 Photo Album: http://wahoo.no-ip.org/gallery2
participants (4)
- Anders Johansson
- John Andersen
- Patrick Shanahan
- Tage Danielsen