Share your knowledge at the LQ Wiki.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 02-09-2007, 02:29 PM   #1
paranoid times
Registered: Jan 2005
Distribution: Fedora Core 3, 4
Posts: 135

Rep: Reputation: 16
multiple connections from the same host port 80

So I have a server that has the load average at 6-10. top is telling me that httpd mysqld and named are interested in running. netstat is telling me that there are a bunch (but never more then about 20) of the same ip address connected to port 80. Most everyone connected is connected multiple times. If it were an attack I would expect that the connection would be there a lot more then 20 or fewer times per ip. I guess my question is, could this be some kind of attack, or just that there are a lot of mysql calls?

Oh yeah, another cute thing is that the server seems to be connecting to itself a lot.

Thanks for any help,

Last edited by paranoid times; 02-09-2007 at 02:42 PM.
Old 02-10-2007, 01:51 AM   #2
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257

Rep: Reputation: 30
Hey Michael,
Can you post a sample of your "suspected hacker activity" out here? As in .. lets see the connections to port 80 here. That way we'll be able to better understand the problem.

The self connections is not a thing to worry I'd say. There are probably daemons running on your server. The application itself is making those internal connections to those daemons.

If are there any outgoing connections from your server lets see them.



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
mysqld running and reading for connections on port 3306, no port 3306 found from scan darkenigmaa Linux - Networking 10 07-13-2016 11:53 AM
Multiple Connections using wget utw-mephisto Linux - General 8 07-16-2012 02:49 AM
Vpn Multiple connections rdwiljam Linux - Networking 0 09-29-2005 04:43 PM
Multiple Connections with OpenBSD and PF IMNOboist Linux - Networking 0 04-29-2005 11:34 PM
Multiple internet connections kojie Linux - Networking 2 12-08-2004 03:19 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:42 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration