[GRLUG] Rogue SSH connections
L. V. Lammert
lvl at omnitec.net
Sun Oct 6 18:53:33 EDT 2013
When one does fstat [lsof] on a BSD box, it returns detailed information
about open files, e.g.:
lvl ssh 19533 4* internet stream tcp 0xd9041800 \
206.197.251.191:3160 --> 206.197.251.252:2206
How does one get similar info on Linux? One of our workgroup servers is
opening ssh connections to a BSD server and leaving them open, but I
cannot figure out what is causing them. Need to track back the IP to a
PID/process on the Linux box for a clue.
TIA!
Lee
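
An added example, not part of the original post: on Linux the fstat-style mapping can be rebuilt by taking the socket inode from /proc/net/tcp and finding which /proc/<pid>/fd entry points at it. The sample table row is constructed from the addresses in the fstat line above; the inode, PID and function names are assumptions for illustration.

```python
import os, socket, struct

# Constructed sample in /proc/net/tcp layout (state 01 = ESTABLISHED, 0A = LISTEN).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 9120 1 0000000000000000 100 0 0 10 0
   1: BFFBC5CE:0C58 FCFBC5CE:089E 01 00000000:00000000 00:00000000 00000000  1000        0 48213 1 0000000000000000 20 4 30 10 -1
"""

def decode_addr(field):
    """'BFFBC5CE:0C58' -> ('206.197.251.191', 3160); assumes a little-endian host."""
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def find_sockets(table, remote_ip, remote_port=None):
    """Return {inode: (local, remote)} for established IPv4 sockets to remote_ip."""
    hits = {}
    for line in table.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != "01":
            continue
        local, remote = decode_addr(f[1]), decode_addr(f[2])
        if remote[0] == remote_ip and remote_port in (None, remote[1]):
            hits[f[9]] = (local, remote)         # f[9] is the socket inode
    return hits

def owners(inodes, proc="/proc"):
    """Map inode -> [(pid, cmdline)] by reading the /proc/<pid>/fd symlinks."""
    found = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            for fd in os.listdir(os.path.join(proc, pid, "fd")):
                target = os.readlink(os.path.join(proc, pid, "fd", fd))
                inode = target[8:-1] if target.startswith("socket:[") else None
                if inode in inodes:
                    with open(os.path.join(proc, pid, "cmdline"), "rb") as fh:
                        cmd = fh.read().replace(b"\0", b" ").decode(errors="replace").strip()
                    found.setdefault(inode, []).append((int(pid), cmd))
        except OSError:
            continue                             # process exited, or not root
    return found

if __name__ == "__main__":
    with open("/proc/net/tcp") as fh:            # IPv6 sockets are in /proc/net/tcp6
        socks = find_sockets(fh.read(), "206.197.251.252")
    for inode, procs in owners(socks).items():
        print(socks[inode], procs)
```

Run it as root so the fd directories of other users' processes are readable; `ss -tnp` and `lsof -i` report the same inode-to-PID mapping directly.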