2008/11/30 akuda <akuda@xxxxxxxxx>
>
> Hi,
>
> Recently I found some unidentified outgoing connections (UOC, instead of
> UFO) from one of my Linux machines (Gentoo, firewall by vuurmuur.org via
> iptables). Those UOC occur soon after boot time, even though I closed all
> services. These are DNS calls.
> So I asked my friends, full-time admins, how to check which program
> requests access to the internet, and what user started this program. If, for
> example, RIAA would come to some University telling that from their IP
> someone is downloading "Lilo & Stitch" illegally, the admin should be able
> to tell who turned on bittorrent :) . And what struck me was the fact that
> they actually didn't know! They asked me to hunt for those UOC, and then
> type netstat with some options, to get the path to the binary, and locate in
> someone's home directory (the bittorrent client probably won't be installed
> as a general bin for all users :) ).
> Any other idea how to do it? Can I force Linux to log who and how is
> requesting an outgoing connection?
>

Hi,

Have you tried "lsof -i"?

Kind regards,
Herta

--
"Life on Earth may be expensive, but it comes with a free ride around the Sun."
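
The attribution that "lsof -i" performs can also be done by hand from /proc, which is handy when it has to be scripted and logged. The sketch below is an added example, not part of the original thread: it parses the /proc/net/tcp and /proc/net/udp table layout to get the owning UID and socket inode of each connected socket, then matches the inode against /proc/<pid>/fd to find the binary. The sample table is constructed, addresses are decoded assuming a little-endian host, and IPv4 only is covered.

```python
import glob
import os
import socket
import struct

# Constructed sample in /proc/net/udp layout (not from the thread):
# one connected DNS socket owned by UID 1000, one unconnected socket owned by root.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  10: 0A00000A:C350 0101A8C0:0035 01 00000000:00000000 00:00000000 00000000  1000        0 54321 2 0000000000000000 0
  11: 00000000:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 11111 2 0000000000000000 0
"""

def decode(hexaddr):
    """'0101A8C0:0035' -> ('192.168.1.1', 53); assumes a little-endian host."""
    ip_hex, port_hex = hexaddr.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def parse(table_text):
    """Return one dict per socket that has a remote peer set."""
    found = []
    for line in table_text.splitlines()[1:]:      # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        remote = decode(f[2])
        if remote[1] == 0:                        # listening or unconnected socket
            continue
        found.append({"local": decode(f[1]), "remote": remote,
                      "uid": int(f[7]), "inode": f[9]})
    return found

def owners(inode, proc="/proc"):
    """Return (pid, exe) for processes holding this socket inode (root sees all users)."""
    target = "socket:[%s]" % inode
    hits = []
    for fd in glob.glob(os.path.join(proc, "[0-9]*", "fd", "*")):
        try:
            if os.readlink(fd) == target:
                pid = fd.split(os.sep)[-3]
                hits.append((int(pid), os.readlink(os.path.join(proc, pid, "exe"))))
        except OSError:                           # process exited or permission denied
            continue
    return hits

if __name__ == "__main__":
    for name in ("tcp", "udp"):
        with open("/proc/net/" + name) as fh:
            for s in parse(fh.read()):
                print(name, "uid=%d" % s["uid"], s["remote"], owners(s["inode"]))
```

This is a snapshot: a DNS lookup that opens and closes its socket between two runs will not appear, so short-lived connections need repeated polling or logging at the firewall.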