Hi,
This may be a newbie question, i'm concerned about security on my box:
I started to see a lot of HTTPS connections from/to localhost6.localdomain6
I'm trying to find out where these could come from and why they are being established. How can I find out which processes, users, scripts or whatever are initiating these connections?
To my knowledge there are no users/websites on this server using https. Why would the box make so many HTTPS connection to itself?
I'm running 2.6.18-53.1.21.el5 (mockbuild@builder6.centos.org) with Direct Admin.
Code:
# netstat -T |grep https
tcp 0 0 localhost6.localdomain6:https localhost6.localdomain6:59683 TIME_WAIT
tcp 0 0 localhost6.localdomain6:https localhost6.localdomain6:59682 TIME_WAIT
tcp 0 0 localhost6.localdomain6:https localhost6.localdomain6:59684 TIME_WAIT
tcp 0 0 localhost6.localdomain6:https localhost6.localdomain6:59686 TIME_WAIT
tcp 0 0 localhost6.localdomain6:https localhost6.localdomain6:59689 TIME_WAIT
tcp 0 0 localhost6.localdomain6:https localhost6.localdomain6:59688 TIME_WAIT
tcp 0 0 localhost6.localdomain6:https localhost6.localdomain6:59690 TIME_WAIT
tcp 0 0 localhost6.localdomain6:https localhost6.localdomain6:59692 TIME_WAIT
tcp 0 0 localhost6.localdomain6:59667 localhost6.localdomain6:https TIME_WAIT
tcp 0 0 localhost6.localdomain6:59666 localhost6.localdomain6:https TIME_WAIT
tcp 0 0 localhost6.localdomain6:59664 localhost6.localdomain6:https TIME_WAIT
tcp 0 0 localhost6.localdomain6:59670 localhost6.localdomain6:https TIME_WAIT
tcp 0 0 localhost6.localdomain6:59675 localhost6.localdomain6:https TIME_WAIT
tcp 0 0 localhost6.localdomain6:59679 localhost6.localdomain6:https TIME_WAIT
tcp 0 0 localhost6.localdomain6:59678 localhost6.localdomain6:https TIME_WAIT
tcp 0 0 localhost6.localdomain6:59677 localhost6.localdomain6:https TIME_WAIT
(this is only a part of the connections, there's about 3 times as much of these)
Thanks in advance!