[CLUE-Tech] root kit checker
Mike Staver
staver at fimble.com
Thu May 6 10:26:37 MDT 2004
Hello everybody - I need help trying to determine what's going on with a
Linux box of mine. I have ntop running, and it's showing that this box
is sending about 10 megs of TCP traffic an hour to an IP:
65.54.164.101
The reverse DNS on this is wrong, I think; it claims it's part of
msn.com, which I find hard to believe since it has no forward DNS
pointer record assigned to it. Anyhoo, I have run ps -auwx and I do not
see any programs running that shouldn't be - and I ran nmap against the
box looking for oddball open ports, and that didn't show anything
either. Tcpdump keeps showing:
10:23:08.950296 msnbot64101.search.msn.com.33839
What's a good tool that will show me what process is spewing traffic to
this IP?
--
-Mike Staver
staver at fimble.com
mstaver at globaltaxnetwork.com