Hello,
I found out that my elasticsearch user was running strange commands and producing a lot of dutchy traffic recently.
(("22",21871,3))
ESTAB 0 0 5.9.97.70:43626 222.186.58.177:10991 users:(("9314",21349,3))
ESTAB 0 0 5.9.97.70:47511 121.40.105.14:3615 users:(("ience",23209,4))
ESTAB 0 0 5.9.97.70:56270 101.200.198.157:10991 users:(("bb",21403,3))
ESTAB 0 0 5.9.97.70:43652 222.186.58.177:10991 users:(("9314",21692,3))
All these command were run by the elasticsearch user. I am wondering if there is any logical explanation for that or this simply means something is wrong with my version. Are there any known security issues?
Thanks a lot in advance!