Is your ES instance open to the world?
Check your ES logs as well.
On 22/04/2015 8:44 pm, "Jason Zhang" <moc...@gmail.com> wrote:

> Also, I've noticed there're many suspicious files in /tmp, like:
>
> ```
> $ ls -al /tmp
> 26000
> 32
> 991linux
> conf.n
> elasticsearch/
> gates.lock
> git
> icp
> Intelip
> Intelips
> Intelnet
> Intelnets
> jrtj
> log
> .lz1429583673
> xudp
> xx32
> zlwanby
> ```
>
> Has my machine been hacked?
>
> On Wednesday, April 22, 2015 at 6:16:15 PM UTC+8, Jason Zhang wrote:
>>
>> Hi,
>>
>>   Recently I found something odd using lsof:
>>
>> ```
>> $ sudo lsof -p pid | grep -i tcp | awk '{print $1, $10}' | sort | uniq
>> freeBSD my_ip:random_port->unknown_ip:port
>> Intelnets my_ip:random_port->unknown_ip:port
>> .lz142958 my_ip:random_port->unknown_ip:port
>> service (ESTABLISHED)
>> sh (ESTABLISHED)
>> xudp my_ip:random_port->unknown_ip:port
>> zlwanby my_ip:random_port->unknown_ip:port
>> ```
>>
>> I've configured iptables to allow my IPs to connect.
>> Why can those foreign IPs still connect to my ES?
>>
>> I use ES v1.3.9.
>>
>> Thanks in advance.
>>
>  --
> You received this message because you are subscribed to the Google Groups
> "elasticsearch" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to elasticsearch+unsubscr...@googlegroups.com.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/elasticsearch/4dd30173-a043-4dc4-b71a-1732d5860640%40googlegroups.com
> <https://groups.google.com/d/msgid/elasticsearch/4dd30173-a043-4dc4-b71a-1732d5860640%40googlegroups.com?utm_medium=email&utm_source=footer>
> .
> For more options, visit https://groups.google.com/d/optout.
>
