
Linux CentOS virus? netstat

ritztech asked
Last Modified: 2013-12-16
Hey, I'm trying to locate if my machine is sending a virus, and if so, trying to block it.



Here's the output.

I get numerous of these a second, and my CentOS is using Postfix as the client.
Yesterday this netstat -an was all port 110 POP3, of all the IP range of 195.xx. Is my server being targeted with proxy servers to identify if my port of 3389 is open?

I did a netstat -an on the CentOS:


tcp        0      1 192.168.2.40:48828          214.81.1.74:3389            SYN_SENT    
tcp        0      1 192.168.2.40:50685          214.100.1.68:3389           SYN_SENT    
tcp        0      1 192.168.2.40:50881          214.56.1.91:3389            SYN_SENT    
tcp        0      1 192.168.2.40:47174          214.21.1.136:3389           SYN_SENT    
tcp        0      1 192.168.2.40:38568          214.100.1.55:3389           SYN_SENT    
tcp        0      1 192.168.2.40:35053          214.59.1.54:3389            SYN_SENT    
tcp        0      1 192.168.2.40:41037          214.10.1.143:3389           SYN_SENT    
tcp        0      1 192.168.2.40:59374          214.78.1.44:3389            SYN_SENT    
tcp        0      1 192.168.2.40:59280          214.65.1.67:3389            SYN_SENT    
tcp        0      1 192.168.2.40:34960          214.85.1.56:3389            SYN_SENT    
tcp        0      1 192.168.2.40:44403          214.32.1.136:3389           SYN_SENT    
tcp        0      1 192.168.2.40:49428          214.37.1.129:3389           SYN_SENT    
tcp        0      1 192.168.2.40:38040          214.72.1.57:3389            SYN_SENT    
tcp        0      1 192.168.2.40:52776          214.41.1.130:3389           SYN_SENT    
tcp        0      1 192.168.2.40:35784          214.63.1.49:3389            SYN_SENT    
tcp        0      1 192.168.2.40:33611          214.5.1.131:3389            SYN_SENT    
tcp        0      1 192.168.2.40:44523          214.81.1.89:3389            SYN_SENT    
tcp        0      1 192.168.2.40:57551          214.89.1.60:3389            SYN_SENT    
tcp        0      1 192.168.2.40:56305          214.5.1.123:3389            SYN_SENT    
tcp        0      1 192.168.2.40:49685          214.10.1.141:3389           SYN_SENT    
tcp        0      1 192.168.2.40:52501          214.5.1.141:3389            SYN_SENT    
tcp        0      1 192.168.2.40:39358          214.62.1.66:3389            SYN_SENT    
tcp        0      1 192.168.2.40:40543          214.27.1.128:3389           SYN_SENT    
tcp        0      1 192.168.2.40:38215          214.47.1.88:3389            SYN_SENT    
tcp        0      1 192.168.2.40:41989          214.92.1.90:3389            SYN_SENT    
tcp        0      1 192.168.2.40:57902          214.27.1.123:3389           SYN_SENT    
tcp        0      1 192.168.2.40:52748          214.22.1.122:3389           SYN_SENT    
tcp        0      1 192.168.2.40:40232          214.91.1.68:3389            SYN_SENT    
tcp        0      1 192.168.2.40:57846          214.41.1.138:3389           SYN_SENT    
tcp        0      1 192.168.2.40:58965          214.73.1.77:3389            SYN_SENT    
tcp        0      1 192.168.2.40:57428          214.73.1.75:3389            SYN_SENT    
tcp        0      1 192.168.2.40:39761          214.68.1.61:3389            SYN_SENT    
tcp        0      1 192.168.2.40:49023          214.61.1.64:3389            SYN_SENT    
tcp        0      1 192.168.2.40:43292          214.50.1.57:3389            SYN_SENT    
tcp        0      1 192.168.2.40:49445          214.82.1.49:3389            SYN_SENT    
tcp        0      1 192.168.2.40:44932          214.44.1.129:3389           SYN_SENT    
tcp        0      1 192.168.2.40:38766          214.52.1.65:3389            SYN_SENT    
tcp        0      1 192.168.2.40:47982          214.38.1.127:3389           SYN_SENT    
tcp        0      1 192.168.2.40:49356          214.4.1.134:3389            SYN_SENT    
tcp        0      1 192.168.2.40:34825          214.69.1.79:3389            SYN_SENT    
tcp        0      1 192.168.2.40:42070          214.22.1.112:3389           SYN_SENT    
tcp        0      1 192.168.2.40:46422          214.0.1.119:3389            SYN_SENT    
tcp        0      1 192.168.2.40:48464          214.83.1.44:3389            SYN_SENT    
tcp        0      1 192.168.2.40:51166          214.12.1.137:3389           SYN_SENT    
tcp        0      1 192.168.2.40:44295          214.99.1.44:3389            SYN_SENT    
tcp        0      1 192.168.2.40:39718          214.99.1.58:3389            SYN_SENT    

There's SO much more than that, I just grabbed..

3389, isn't that the RDP port?
I don't know how to solve this.

I'm not sure if this means my server is sending out, or am I getting sent incoming.

Where would I look first, then?

Thanks
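
An added example, not part of the original post: a small triage script for `netstat -an` output like the listing in the question. It counts SYN_SENT rows per remote port and per distinct remote host; the function names, the threshold and the sample rows (documentation addresses) are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): triage `netstat -an` output.
# SYN_SENT means the local host sent the SYN and is waiting for a reply,
# so every such row is an outbound attempt started by this machine.

# Constructed sample in `netstat -an` layout, using documentation addresses.
sample_netstat() {
    cat <<'EOF'
tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN
tcp        0      0 192.0.2.10:25               198.51.100.7:41022          ESTABLISHED
tcp        0      1 192.0.2.10:48828            203.0.113.74:3389           SYN_SENT
tcp        0      1 192.0.2.10:50685            203.0.113.68:3389           SYN_SENT
tcp        0      1 192.0.2.10:50881            203.0.113.91:3389           SYN_SENT
tcp        0      1 192.0.2.10:47174            203.0.113.91:3389           SYN_SENT
tcp        0      1 192.0.2.10:38568            203.0.113.55:3389           SYN_SENT
tcp        0      1 192.0.2.10:35053            198.51.100.20:80            SYN_SENT
EOF
}

# stdin: netstat -an (or -anp) output.
# stdout: "<remote_port> <attempts> <distinct_remote_hosts>", busiest first.
syn_sent_by_port() {
    awk '
        $1 ~ /^tcp/ && $6 == "SYN_SENT" {
            n = split($5, parts, ":")          # field 5 is the foreign ip:port
            port = parts[n]
            host = substr($5, 1, length($5) - length(port) - 1)
            attempts[port]++
            if (!((port, host) in seen)) { seen[port, host] = 1; hosts[port]++ }
        }
        END { for (p in attempts) print p, attempts[p], hosts[p] }
    ' | sort -k2,2nr
}

# Print remote ports whose SYN_SENT rows reach at least $1 distinct hosts
# (default 20, an arbitrary threshold chosen for this example).
scan_like_ports() {
    threshold=${1:-20}
    syn_sent_by_port | awk -v t="$threshold" '$3 >= t { print $1 }'
}

sample_netstat | syn_sent_by_port
```

On a live host, pipe `netstat -an` into `syn_sent_by_port` instead of the sample. Running `netstat -anp` as root adds a PID/Program name column that shows which local process owns each socket.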