I have run chkrootkit, and nothing has been picked up. I also stopped the mythtv backend and it seems these connections have dropped. Could these connections be normal for mythtv? On 17/08/07, Rick Stevens <rstevens@xxxxxxxxxxxx> wrote: > On Thu, 2007-08-16 at 22:45 +0100, Paul Ward wrote: > > Hello, > > > > Can someone explain to me what the netstat command is showing on my server. > > Is mythtv making outgoing connections or are they incoming? > > Is this something to worry about? > > > > tcp 0 0 mythtv:49189 > > 213.red-83-60-5:privatechat ESTABLISHED > > tcp 0 17 mythtv:49189 > > 151.125.226.200.in-add:4378 ESTABLISHED > > tcp 0 0 mythtv:49189 > > c-75-71-211-38.hsd1.c:vchat ESTABLISHED > > tcp 0 0 mythtv:49189 > > dxb-as11957.alshamil:ka0wuc ESTABLISHED > > tcp 0 0 mythtv:49189 > > cpc2-stkn3-0-0-cust288:stvp ESTABLISHED > > tcp 0 0 mythtv:35177 151.66.160.74:35024 > > ESTABLISHED > > tcp 0 0 mythtv:49189 > > 5ac32ed8.bb.sky.co:rt-event ESTABLISHED > > tcp 0 0 mythtv:56264 mythtv:lds-distrib > > TIME_WAIT > > tcp 0 0 mythtv:56263 mythtv:lds-distrib > > TIME_WAIT > > tcp 0 2920 mythtv:49189 > > 89-180-44-234.:discp-client ESTABLISHED > > tcp 0 0 mythtv:49189 > > static-76-31-224-77:journee ESTABLISHED > > tcp 0 0 mythtv:49189 > > c906d4e5.virtua.com.:n1-fwp ESTABLISHED > > tcp 0 0 mythtv:49189 > > 201.247.208.1:mkm-discovery ESTABLISHED > > tcp 0 0 mythtv:49189 > > eu85-84-181-235.c:metaagent ESTABLISHED > > tcp 0 0 mythtv:46102 > > bb-87-80-14-145.ukonl:23491 ESTABLISHED > > tcp 0 0 mythtv:49189 > > 81.203.236.21.dyn.use:ff-sm ESTABLISHED > > tcp 0 0 mythtv:49189 > > 47.red-81-41:spw-dnspreload ESTABLISHED > > tcp 0 0 mythtv:49189 > > acd15a0f.ipt.aol.com:57607 ESTABLISHED > > tcp 0 0 mythtv:49189 > > 196.211.12.74:slc-systemlog ESTABLISHED > > tcp 0 0 mythtv:49189 > > 201-254-170-207.speedy:msmq ESTABLISHED > > tcp 0 0 mythtv:49189 > > a88-114-123-113.elisa:61136 ESTABLISHED > > tcp 0 0 mythtv:49189 > > r190-64-194-173.dialup:3977 ESTABLISHED > > tcp 0 0 mythtv:49189 > > 116.46.rev.vline:valisys-lm ESTABLISHED > > Sure looks like you got hacked. Someone's running a server on your > machine that a lot of people are connected to. It's listening on > port 49189, so do a "netstat -lpn" and find which process that is and > KILL THE DAMNED THING. You'd better do a rootkit scan while you're > at it. > > ---------------------------------------------------------------------- > - Rick Stevens, Principal Engineer rstevens@xxxxxxxxxxxx - > - CDN Systems, Internap, Inc. http://www.internap.com - > - - > - To iterate is human, to recurse, divine. - > ---------------------------------------------------------------------- > > -- > fedora-list mailing list > fedora-list@xxxxxxxxxx > To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list > -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list