Machine hacked ...???


momo
09-10-2002, 08:01 PM
found a bunch of strange entries in my /var/log/messages

eprint kernel: 2XX.XX.XX.XX sent an invalid ICMP error to a broadcast


and then the other strange thing, which I am not sure about, is this particular output from the ps -axf command.....

28659 ? S 0:00 ./x polySOMETHING.com
28807 ? S 0:00 \_ ./apx 0x07 polySOMETHING.com 443 -c 10

I edited out the IPs and hostname in this post.

Any idea what the processes running are, or how I can find out? I tried to "locate" those files and couldn't find them. Also, they aren't always running, just every once in a while they will be executing. And it isn't always the same IP or hostname....

I need some help here :(

Mike

liquidfx13
09-11-2002, 04:06 AM
28807 ? S 0:00 \_ ./apx 0x07 polySOMETHING.com 443 -c 10


this is just a guess but it appears that it is connecting on port 443 which is the HTTPS port.......generally IMO not needed!

secondly.....have you tried to kill this process by the PID number? or have you tried to block that address with your firewall?


I don't know what else to say as this is not my expertise.......but maybe this will give ya a lil bit more insight

momo
09-11-2002, 07:47 AM
thanks for the response, I think those processes that are trying to connect to port 443 are outgoing connection attempts....

anyone else want to share any insight ?


TIA


Mike

rtr
09-11-2002, 09:32 AM
you can run a netstat -tupa to see what is listening, and chain out anything or remove the service you don't want running
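
Added example (not written by any poster in this thread): one way to answer the question of what `./x` and `./apx` are when `locate` finds nothing is to read the process's own entries under `/proc` while it is running. The function names `proc_triage` and `proc_relative_launches` and the optional proc-root argument are assumptions of this sketch.

```shell
#!/bin/sh
# Added example. Reads a process's own /proc entries to locate its binary.
# The second argument (proc root) is an assumption of this sketch so the
# functions can be pointed at a saved copy or a test fixture.

# Print exe path, working directory and full command line for one PID.
proc_triage() {
    pid=$1
    root=${2:-/proc}
    dir="$root/$pid"
    [ -d "$dir" ] || { echo "pid=$pid state=gone"; return 1; }
    # exe and cwd are symlinks; reading other users' entries needs root.
    exe=$(readlink "$dir/exe" 2>/dev/null) || exe=unreadable
    cwd=$(readlink "$dir/cwd" 2>/dev/null) || cwd=unreadable
    # cmdline is NUL-separated; turn it into one space-separated line.
    cmd=$(tr '\0' ' ' 2>/dev/null < "$dir/cmdline" | sed 's/ *$//')
    case $exe in
        # The kernel appends " (deleted)" when the file was unlinked after
        # exec, which is one reason locate/find come up empty.
        *" (deleted)") state=deleted-on-disk ;;
        unreadable)    state=unknown ;;
        *)             state=present ;;
    esac
    echo "pid=$pid exe=$exe cwd=$cwd state=$state cmd=$cmd"
}

# Triage every process whose argv[0] is a relative "./name" launch.
proc_relative_launches() {
    root=${1:-/proc}
    for d in "$root"/[0-9]*; do
        [ -r "$d/cmdline" ] || continue
        first=$(tr '\0' '\n' 2>/dev/null < "$d/cmdline" | head -n 1)
        case $first in
            ./*) proc_triage "${d##*/}" "$root" || : ;;
        esac
    done
}

# Usage on a live system, as root:  proc_relative_launches
```

Because the processes in the thread only show up intermittently, the sweep has to run while they are alive. Copying `/proc/<pid>/exe` to a file at that moment preserves the binary for later analysis even when its state is `deleted-on-disk`.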