July 1st, 2002 09:30 PM
problems with a virus that does network scanning (LINUX)
I think I have a zombie process running on my LINUX box which wakes up approximately 2 or 3 times a day and sends out about 64,000 packets scanning different ports and ip addresses.
Does anyone know how to tell if I have a zombie process running on my LINUX box or how to stop it?
July 1st, 2002 09:59 PM
I'm not sure if "zombie" is the word you're looking for.
A zombie is a process that has died or exited, but somehow
still appears to be there.
What you're describing is a "daemon", and it could be a legit
process in the OS, or an intruder.
I came in to the world with nothing. I still have most of it.
July 1st, 2002 10:08 PM
What's the process name/path? (ps -aux)
Credit travels up, blame travels down -- The Boss
July 2nd, 2002 02:04 AM
Hey buddy, I recommend you do a little "man ps" and "man top" for yourself. In ps, there should be an option that shows the program and its related sockets. What you can do is type "ps -p" (or whatever the extension is to see the programs), and see what's making those sockets get opened. From there, you can weed out that little bugger.
"top" lists the processes that take up the most processor time on your computer, i.e., the apps that are hogging all your speed. When those packets start flying, you can type "top," and see which programs are taking the most processor time. Hopefully, this virus will show up high on top's list.
Hope this helps, you can always email me if you have any other questions!
Stretch your MIND
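One way to tie open sockets back to the process that owns them, as an added example that is not part of the original thread: it parses the `/proc/net/tcp` table and matches each socket inode against the `/proc/<pid>/fd` symlinks, then counts half-open (SYN_SENT) connections per PID, which is where a port scan shows up. The function names and the sample table are constructed for illustration, and the address decoding assumes a little-endian host such as x86.

```python
import os, re, socket, struct
from collections import Counter

TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "0A": "LISTEN"}
# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0A00000A:8F3C 0101A8C0:0017 02 00000001:00000000 01:00000064 00000000     0        0 2001 1
   2: 0A00000A:8F3D 0201A8C0:0017 02 00000001:00000000 01:00000064 00000000     0        0 2002 1
"""

def decode_addr(field):
    """'0101A8C0:0017' -> ('192.168.1.1', 23); assumes little-endian IPv4 storage."""
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def parse_tcp(text):
    rows = []
    for line in text.splitlines()[1:]:          # skip the header line
        f = line.split()
        if len(f) >= 10:                        # field 9 is the socket inode
            rows.append({"local": decode_addr(f[1]), "remote": decode_addr(f[2]),
                         "state": TCP_STATES.get(f[3], f[3]), "inode": f[9]})
    return rows

def socket_owners(proc_root="/proc"):
    """Map socket inode -> pid by reading the /proc/<pid>/fd symlinks."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            for fd in os.listdir(fd_dir):
                target = os.readlink(os.path.join(fd_dir, fd))
                m = re.fullmatch(r"socket:\[(\d+)\]", target)
                if m:
                    owners[m.group(1)] = int(pid)
        except OSError:                         # process exited, or needs root to read
            continue
    return owners

def syn_sent_by_pid(rows, owners):
    """Count half-open outbound connections per owning pid (None = owner not found)."""
    return Counter(owners.get(r["inode"]) for r in rows if r["state"] == "SYN_SENT")

if __name__ == "__main__":
    with open("/proc/net/tcp") as fh:
        live = parse_tcp(fh.read())
    for pid, n in syn_sent_by_pid(live, socket_owners()).most_common():
        print(pid, n)
```

Run it as root while the burst of packets is in progress; without root, other users' `fd` directories are unreadable and their sockets are counted under `None`.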