LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 02-09-2007, 03:29 PM   #1
paranoid times
Member
 
Registered: Jan 2005
Distribution: Fedora Core 3, 4
Posts: 135

Rep: Reputation: 16
multiple connections from the same host port 80


So I have a server that has the load average at 6-10. top is telling me that httpd mysqld and named are interested in running. netstat is telling me that there are a bunch (but never more then about 20) of the same ip address connected to port 80. Most everyone connected is connected multiple times. If it were an attack I would expect that the connection would be there a lot more then 20 or fewer times per ip. I guess my question is, could this be some kind of attack, or just that there are a lot of mysql calls?

Oh yeah, another cute thing is that the server seems to be connecting to itself a lot.

Thanks for any help,
Michael

Last edited by paranoid times; 02-09-2007 at 03:42 PM.
 
Old 02-10-2007, 02:51 AM   #2
live_dont_exist
Member
 
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257

Rep: Reputation: 30
Hey Michael,
Can you post a sample of your "suspected hacker activity" out here? As in .. lets see the connections to port 80 here. That way we'll be able to better understand the problem.

The self connections is not a thing to worry I'd say. There are probably daemons running on your server. The application itself is making those internal connections to those daemons.

If are there any outgoing connections from your server lets see them.

Cheers
Arvind
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
mysqld running and reading for connections on port 3306, no port 3306 found from scan darkenigmaa Linux - Networking 10 07-13-2016 12:53 PM
Multiple Connections using wget utw-mephisto Linux - General 8 07-16-2012 03:49 AM
Vpn Multiple connections rdwiljam Linux - Networking 0 09-29-2005 05:43 PM
Multiple Connections with OpenBSD and PF IMNOboist Linux - Networking 0 04-30-2005 12:34 AM
Multiple internet connections kojie Linux - Networking 2 12-08-2004 04:19 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:48 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration