Suspicious connections on ES

Also, I've noticed there are many suspicious files in /tmp, like:

$ ls -al /tmp
26000
32
991linux
conf.n
elasticsearch/
gates.lock
git
icp
Intelip
Intelips
Intelnet
Intelnets
jrtj
log
.lz1429583673
xudp
xx32
zlwanby

Has my machine been hacked?

On Wednesday, April 22, 2015 at 6:16:15 PM UTC+8, Jason Zhang wrote:

Hi,

Recently I found something odd using lsof:

$ sudo lsof -p pid | grep -i tcp | awk '{print $1, $10}' | sort | uniq
freeBSD my_ip:random_port->unknown_ip:port
Intelnets my_ip:random_port->unknown_ip:port
.lz142958 my_ip:random_port->unknown_ip:port
service (ESTABLISHED)
sh (ESTABLISHED)
xudp my_ip:random_port->unknown_ip:port
zlwanby my_ip:random_port->unknown_ip:port

I've configured iptables to allow my IPs to connect.
Why can those foreign IPs still connect to my ES?

I use ES v1.3.9.

Thanks in advance.
