Tracing out going connections
Posted
by
Tiffany Walker
on Server Fault
See other posts from Server Fault
or by Tiffany Walker
Published on 2013-01-25T18:53:12Z
Indexed on
2013/06/25
10:23 UTC
Read the original article
Hit count: 228
Jan 24 07:00:49 HOST kernel: [875997.380464] Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=108.60.11.15 DST=74.80.225.32 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=18789 DF PROTO=TCP SPT=64823 DPT=81 WINDOW=14600 RES=0x00 SYN URGP=0
Jan 24 07:00:50 HOST kernel: [875998.378321] Firewall: *TCP_OUT Blocked* IN= OUT=eth0 SRC=108.60.11.15 DST=74.80.225.32 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=18790 DF PROTO=TCP SPT=64823 DPT=81 WINDOW=14600 RES=0x00 SYN URGP=0
I run fcgid so everything runs as a user. But is there a way to trace and figure out who is running an out going script?
The sites all share the same IP so it's hard to know which site it is or where the script is located at.
© Server Fault or respective owner