asked on
Linux Cent OS virus ? netstat
hey im trying to locate if my machine is sending a virus if so trying to block it .
heres the output
i get numerous of these a second any my Centos is using postfix as the client
Yesterday this netstat-an was all port 110 pop3 of all the ip range of 195.xx is my server being targeted with proxy servers to identify if my port of 3389 is open ??
i did a netstat -an on the Centos
tcp 0 1 192.168.2.40:48828 214.81.1.74:3389 SYN_SENT
tcp 0 1 192.168.2.40:50685 214.100.1.68:3389 SYN_SENT
tcp 0 1 192.168.2.40:50881 214.56.1.91:3389 SYN_SENT
tcp 0 1 192.168.2.40:47174 214.21.1.136:3389 SYN_SENT
tcp 0 1 192.168.2.40:38568 214.100.1.55:3389 SYN_SENT
tcp 0 1 192.168.2.40:35053 214.59.1.54:3389 SYN_SENT
tcp 0 1 192.168.2.40:41037 214.10.1.143:3389 SYN_SENT
tcp 0 1 192.168.2.40:59374 214.78.1.44:3389 SYN_SENT
tcp 0 1 192.168.2.40:59280 214.65.1.67:3389 SYN_SENT
tcp 0 1 192.168.2.40:34960 214.85.1.56:3389 SYN_SENT
tcp 0 1 192.168.2.40:44403 214.32.1.136:3389 SYN_SENT
tcp 0 1 192.168.2.40:49428 214.37.1.129:3389 SYN_SENT
tcp 0 1 192.168.2.40:38040 214.72.1.57:3389 SYN_SENT
tcp 0 1 192.168.2.40:52776 214.41.1.130:3389 SYN_SENT
tcp 0 1 192.168.2.40:35784 214.63.1.49:3389 SYN_SENT
tcp 0 1 192.168.2.40:33611 214.5.1.131:3389 SYN_SENT
tcp 0 1 192.168.2.40:44523 214.81.1.89:3389 SYN_SENT
tcp 0 1 192.168.2.40:57551 214.89.1.60:3389 SYN_SENT
tcp 0 1 192.168.2.40:56305 214.5.1.123:3389 SYN_SENT
tcp 0 1 192.168.2.40:49685 214.10.1.141:3389 SYN_SENT
tcp 0 1 192.168.2.40:52501 214.5.1.141:3389 SYN_SENT
tcp 0 1 192.168.2.40:39358 214.62.1.66:3389 SYN_SENT
tcp 0 1 192.168.2.40:40543 214.27.1.128:3389 SYN_SENT
tcp 0 1 192.168.2.40:38215 214.47.1.88:3389 SYN_SENT
tcp 0 1 192.168.2.40:41989 214.92.1.90:3389 SYN_SENT
tcp 0 1 192.168.2.40:57902 214.27.1.123:3389 SYN_SENT
tcp 0 1 192.168.2.40:52748 214.22.1.122:3389 SYN_SENT
tcp 0 1 192.168.2.40:40232 214.91.1.68:3389 SYN_SENT
tcp 0 1 192.168.2.40:57846 214.41.1.138:3389 SYN_SENT
tcp 0 1 192.168.2.40:58965 214.73.1.77:3389 SYN_SENT
tcp 0 1 192.168.2.40:57428 214.73.1.75:3389 SYN_SENT
tcp 0 1 192.168.2.40:39761 214.68.1.61:3389 SYN_SENT
tcp 0 1 192.168.2.40:49023 214.61.1.64:3389 SYN_SENT
tcp 0 1 192.168.2.40:43292 214.50.1.57:3389 SYN_SENT
tcp 0 1 192.168.2.40:49445 214.82.1.49:3389 SYN_SENT
tcp 0 1 192.168.2.40:44932 214.44.1.129:3389 SYN_SENT
tcp 0 1 192.168.2.40:38766 214.52.1.65:3389 SYN_SENT
tcp 0 1 192.168.2.40:47982 214.38.1.127:3389 SYN_SENT
tcp 0 1 192.168.2.40:49356 214.4.1.134:3389 SYN_SENT
tcp 0 1 192.168.2.40:34825 214.69.1.79:3389 SYN_SENT
tcp 0 1 192.168.2.40:42070 214.22.1.112:3389 SYN_SENT
tcp 0 1 192.168.2.40:46422 214.0.1.119:3389 SYN_SENT
tcp 0 1 192.168.2.40:48464 214.83.1.44:3389 SYN_SENT
tcp 0 1 192.168.2.40:51166 214.12.1.137:3389 SYN_SENT
tcp 0 1 192.168.2.40:44295 214.99.1.44:3389 SYN_SENT
tcp 0 1 192.168.2.40:39718 214.99.1.58:3389 SYN_SENT
Theres SO much more then that i just grabbed..
3389 isnt that the RDP port
i dont know how to solve this
im not sure if this means my server is sending out or am i getting sent incoming
where would i look first then ??
Thanks
heres the output
i get numerous of these a second any my Centos is using postfix as the client
Yesterday this netstat-an was all port 110 pop3 of all the ip range of 195.xx is my server being targeted with proxy servers to identify if my port of 3389 is open ??
i did a netstat -an on the Centos
tcp 0 1 192.168.2.40:48828 214.81.1.74:3389 SYN_SENT
tcp 0 1 192.168.2.40:50685 214.100.1.68:3389 SYN_SENT
tcp 0 1 192.168.2.40:50881 214.56.1.91:3389 SYN_SENT
tcp 0 1 192.168.2.40:47174 214.21.1.136:3389 SYN_SENT
tcp 0 1 192.168.2.40:38568 214.100.1.55:3389 SYN_SENT
tcp 0 1 192.168.2.40:35053 214.59.1.54:3389 SYN_SENT
tcp 0 1 192.168.2.40:41037 214.10.1.143:3389 SYN_SENT
tcp 0 1 192.168.2.40:59374 214.78.1.44:3389 SYN_SENT
tcp 0 1 192.168.2.40:59280 214.65.1.67:3389 SYN_SENT
tcp 0 1 192.168.2.40:34960 214.85.1.56:3389 SYN_SENT
tcp 0 1 192.168.2.40:44403 214.32.1.136:3389 SYN_SENT
tcp 0 1 192.168.2.40:49428 214.37.1.129:3389 SYN_SENT
tcp 0 1 192.168.2.40:38040 214.72.1.57:3389 SYN_SENT
tcp 0 1 192.168.2.40:52776 214.41.1.130:3389 SYN_SENT
tcp 0 1 192.168.2.40:35784 214.63.1.49:3389 SYN_SENT
tcp 0 1 192.168.2.40:33611 214.5.1.131:3389 SYN_SENT
tcp 0 1 192.168.2.40:44523 214.81.1.89:3389 SYN_SENT
tcp 0 1 192.168.2.40:57551 214.89.1.60:3389 SYN_SENT
tcp 0 1 192.168.2.40:56305 214.5.1.123:3389 SYN_SENT
tcp 0 1 192.168.2.40:49685 214.10.1.141:3389 SYN_SENT
tcp 0 1 192.168.2.40:52501 214.5.1.141:3389 SYN_SENT
tcp 0 1 192.168.2.40:39358 214.62.1.66:3389 SYN_SENT
tcp 0 1 192.168.2.40:40543 214.27.1.128:3389 SYN_SENT
tcp 0 1 192.168.2.40:38215 214.47.1.88:3389 SYN_SENT
tcp 0 1 192.168.2.40:41989 214.92.1.90:3389 SYN_SENT
tcp 0 1 192.168.2.40:57902 214.27.1.123:3389 SYN_SENT
tcp 0 1 192.168.2.40:52748 214.22.1.122:3389 SYN_SENT
tcp 0 1 192.168.2.40:40232 214.91.1.68:3389 SYN_SENT
tcp 0 1 192.168.2.40:57846 214.41.1.138:3389 SYN_SENT
tcp 0 1 192.168.2.40:58965 214.73.1.77:3389 SYN_SENT
tcp 0 1 192.168.2.40:57428 214.73.1.75:3389 SYN_SENT
tcp 0 1 192.168.2.40:39761 214.68.1.61:3389 SYN_SENT
tcp 0 1 192.168.2.40:49023 214.61.1.64:3389 SYN_SENT
tcp 0 1 192.168.2.40:43292 214.50.1.57:3389 SYN_SENT
tcp 0 1 192.168.2.40:49445 214.82.1.49:3389 SYN_SENT
tcp 0 1 192.168.2.40:44932 214.44.1.129:3389 SYN_SENT
tcp 0 1 192.168.2.40:38766 214.52.1.65:3389 SYN_SENT
tcp 0 1 192.168.2.40:47982 214.38.1.127:3389 SYN_SENT
tcp 0 1 192.168.2.40:49356 214.4.1.134:3389 SYN_SENT
tcp 0 1 192.168.2.40:34825 214.69.1.79:3389 SYN_SENT
tcp 0 1 192.168.2.40:42070 214.22.1.112:3389 SYN_SENT
tcp 0 1 192.168.2.40:46422 214.0.1.119:3389 SYN_SENT
tcp 0 1 192.168.2.40:48464 214.83.1.44:3389 SYN_SENT
tcp 0 1 192.168.2.40:51166 214.12.1.137:3389 SYN_SENT
tcp 0 1 192.168.2.40:44295 214.99.1.44:3389 SYN_SENT
tcp 0 1 192.168.2.40:39718 214.99.1.58:3389 SYN_SENT
Theres SO much more then that i just grabbed..
3389 isnt that the RDP port
i dont know how to solve this
im not sure if this means my server is sending out or am i getting sent incoming
where would i look first then ??
Thanks
LinuxEmail Servers
Last Comment
ritztech