[thelist] tcp connections / load average
Bob Meetin
bobm at dottedi.biz
Wed May 30 23:20:48 CDT 2012
tcp 0 0 174.121.xxx.xxx:80 $ip_address:58530 TIME_WAIT -
tcp 0 0 174.121.xxx.xxx:80 $ip_address:58532 TIME_WAIT -
The load average skyrocketed (>100) so I checked a log file and found a ton of tcp connections from the same address ($ip_address). When this happens I commonly check Project Honeypot and can track them to comment spammers, mail harvestors, etc.
In this case, nothing glaring shows. What else might I check to see if this is, indeed, the source and an unwanted visitor?
Bob
More information about the thelist
mailing list