multiple connections from the same host port 80
So I have a server that has the load average at 6-10. top is telling me that httpd mysqld and named are interested in running. netstat is telling me that there are a bunch (but never more then about 20) of the same ip address connected to port 80. Most everyone connected is connected multiple times. If it were an attack I would expect that the connection would be there a lot more then 20 or fewer times per ip. I guess my question is, could this be some kind of attack, or just that there are a lot of mysql calls?
Oh yeah, another cute thing is that the server seems to be connecting to itself a lot.
Thanks for any help,
Michael
Last edited by paranoid times; 02-09-2007 at 03:42 PM.
|