[GRLUG] Rogue SSH connections
megadave
megadave at gmail.com
Sun Oct 6 19:08:16 EDT 2013
lsof is available for linux. You might need to install it from your
package manager.
For Debian (and probably Ubuntu) "apt-get install lsof"
On Sun, Oct 6, 2013 at 6:53 PM, L. V. Lammert <lvl at omnitec.net> wrote:
> When one does fstat [lsof] on a BSD box, it returns detailed information
> about open files, e.g.:
>
> lvl ssh 19533 4* internet stream tcp 0xd9041800 \
> 206.197.251.191:3160 --> 206.197.251.252:2206
>
> How does one get similar info on Linux? One of our workgroup servers is
> opening ssh connections to a BSD server and leaving them open, but I
> cannot figure out what is causing them. Need to track back the IP to a
> PID/process on the Linux box for a clue.
>
> TIA!
>
> Lee
> _______________________________________________
> grlug mailing list
> grlug at grlug.org
> http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug
More information about the grlug
mailing list