[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

netstat

I use netstat to check what's going on with the ports on my hosted server each night, and I have got this entry (see below, last on the list).
This has occurred 3 days in a row now. This is not a user, and I have jakarta-tomcat running a java appserver on that HTTPS port. I can't see any trace of activity relating to this in the java logs.
Could it be malicious? Could it be a connection that has cracked the port and is using it for root access? I ran chkrootkit but found nothing. 

Thanks
Adam



-------- Original Message --------
To: adam
Subject: netstat
Message-Id: <2006
Date: Fri, 17 Feb 2006 05:00:07 +0000 (GMT)
From: root@hardya
Envelope-To: adam

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 *:mysql *:* LISTEN 296/mysqld tcp 0 0 *:ssh *:* LISTEN 252/sshd tcp 0 0 *:12121 *:* LISTEN 298/perl tcp 0 0 *:smtp *:* LISTEN 243/master tcp 0 0 localhost:8005 *:* LISTEN 421/java tcp 0 0 *:www *:* LISTEN 421/java tcp 0 0 *:https *:* LISTEN 421/java tcp 1 0 localhost:4989 localhost:mysql CLOSE_WAIT 421/java tcp 0 0 hardyaa1.miniserv:https bosch.netcraft.com:4800 ESTABLISHED 421/java
Reply to: