[GRLUG] Rogue SSH connections

megadave megadave at gmail.com
Sun Oct 6 19:13:30 EDT 2013


er, sorry, add a "sudo" in there for 'Bunt

As an *nix old-timer, I regularly work directly at the root # prompt
and don't need to think about stuff like that :)

Now if you'll pardon me, I have to go grease the bearings on my hard drives.....

On Sun, Oct 6, 2013 at 7:08 PM, megadave <megadave at gmail.com> wrote:
> lsof is available for linux. You might need to install it from your
> package manager.
>
> For Debian (and probably Ubuntu) "apt-get install lsof"
>
>
>
> On Sun, Oct 6, 2013 at 6:53 PM, L. V. Lammert <lvl at omnitec.net> wrote:
>> When one does fstat [lsof] on a BSD box, it returns detailed information
>> about open files, e.g.:
>>
>> lvl      ssh        19533    4* internet stream tcp 0xd9041800 \
>> 206.197.251.191:3160 --> 206.197.251.252:2206
>>
>> How does one get similar info on Linux? One of our workgroup servers is
>> opening ssh connections to a BSD server and leaving them open, but I
>> cannot figure out what is causing them. Need to track back the IP to a
>> PID/process on the Linux box for a clue.
>>
>>         TIA!
>>
>>         Lee
>> _______________________________________________
>> grlug mailing list
>> grlug at grlug.org
>> http://shinobu.grlug.org/cgi-bin/mailman/listinfo/grlug


More information about the grlug mailing list