Old 05-23-2007, 06:28 PM   #1
genderbender
Member
 
Registered: Jan 2005
Location: US
Distribution: Centos, Ubuntu, Solaris, Redhat
Posts: 396

Rep: Reputation: 31
Bots without PID's, how to kill em?


I've got Nagios monitoring my servers, but every now and again Nagios reports outbound connections to weird hosts on port 6667; I've typically found that this is an IRC bot port. If there's no PID, how can you kill the connection?

Someone said lsof -i and then the port should help me out, but I haven't managed to get that to work. Any ideas, anyone? P.S. Installing new software is not possible.

Thanks for the help
 
Old 05-23-2007, 06:32 PM   #2
Quakeboy02
Senior Member
 
Registered: Nov 2006
Distribution: Debian Linux 11 (Bullseye)
Posts: 3,407

Rep: Reputation: 141
Are you sure a bandaid is enough? Is this a sign that your systems are compromised? If so, it can only go downhill from here.
 
Old 05-23-2007, 08:18 PM   #3
twantrd
Senior Member
 
Registered: Nov 2002
Location: CA
Distribution: redhat 7.3
Posts: 1,440

Rep: Reputation: 52
lsof -i:6667 or netstat -pan | grep 6667 will tell you the answer. Perhaps you don't see it because the program establishes a connection and closes it fairly quickly.

But yes, I agree with quakeboy. You should know what's going on with your systems and what they have.

-twantrd
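
Added example (not part of twantrd's post or the thread): where lsof cannot be installed, the same lookup can be done from /proc alone, by reading the /proc/net/tcp table for sockets whose remote port is 6667 and mapping a socket inode to the PID that holds it. The function names and the sample table (addresses, uid, inodes) are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. IPv4 only (/proc/net/tcp6 is not parsed).

# hex_to_ip HEX: decode the little-endian hex address used in /proc/net/tcp.
hex_to_ip() {
    n=$((0x$1))
    echo "$(( n & 255 )).$(( (n >> 8) & 255 )).$(( (n >> 16) & 255 )).$(( (n >> 24) & 255 ))"
}

# remote_port_sockets PORT < table: print "local remote state uid inode" for
# every socket whose remote port is PORT. State 01 is ESTABLISHED, 06 TIME_WAIT.
remote_port_sockets() {
    want=$(printf '%04X' "$1")
    while read -r sl loc rem st txrx tr retr uid tmo inode rest; do
        [ "${rem##*:}" = "$want" ] || continue
        echo "$(hex_to_ip "${loc%%:*}"):$((0x${loc##*:}))" \
             "$(hex_to_ip "${rem%%:*}"):$((0x${rem##*:}))" "$st" "$uid" "$inode"
    done
}

# pids_for_inode INODE [PROCROOT]: PIDs holding an fd that points at the socket.
pids_for_inode() {
    root=${2:-/proc}
    for fd in "$root"/[0-9]*/fd/*; do
        [ "$(readlink "$fd" 2>/dev/null)" = "socket:[$1]" ] || continue
        pid=${fd#"$root"/}
        echo "${pid%%/*}"
    done | sort -un
}

# Constructed sample in /proc/net/tcp layout (addresses, uid, inodes invented).
sample_tcp_table() {
    cat <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 9001 1
   1: 0A00000A:C350 0A0200C0:1A0B 01 00000000:00000000 00:00000000 00000000    48        0 54321 1
   2: 0A00000A:C351 0A0200C0:1A0B 06 00000000:00000000 03:000005DC 00000000     0        0 0 3
EOF
}

# Demo on the sample; on a live host use: remote_port_sockets 6667 < /proc/net/tcp
sample_tcp_table | remote_port_sockets 6667
```

Run it as root so every process's fd directory is readable. An inode of 0, as on the TIME_WAIT row, means the socket no longer belongs to any process, which is one reason a connection can show up without a PID.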
 
Old 05-23-2007, 09:35 PM   #4
genderbender
Member
 
Registered: Jan 2005
Location: US
Distribution: Centos, Ubuntu, Solaris, Redhat
Posts: 396

Original Poster
Rep: Reputation: 31
Good work, guys! We have our servers set up in a weird way; I'm pretty certain it's not been compromised, though. Writing down those commands for further reference.
 
  

