Quote:
Originally Posted by backroger
Source Destination Port Service
10.14.0.1 88.105.110.238 1028 Unknown
10.14.0.1 88.105.110.238 1032 Unknown
10.14.0.1 216.162.88.130 29469 Unknown
|
Hard to say what they are based on the above info. Next time you see them use netstat -pantu to get a listing of port->PID mappings which you can then look up in output of 'ps aux'.
Quote:
[root@ola ~]# netstat -vatn
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
tcp 0 0 0.0.0.0:32769 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN
tcp 0 0 10.14.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
tcp 0 0 10.14.0.1:80 65.55.213.101:17208 TIME_WAIT
tcp 0 0 10.14.0.1:80 65.55.213.101:17018 TIME_WAIT
|
Lots of open ports. If you don't need stuff like RPC running then you should shut it off. Last 2 entries look like incoming connections to your webserver from hosts in the Microsoft IP range. In fact the IP resolves to a hostname that looks like a webcrawler that is probably indexing your site:
Code:
host 65.55.213.101
101.213.55.65.in-addr.arpa domain name pointer livebot-65-55-213-101.search.live.com.