On Fri, 3 Dec 2010 11:14:01 -0800 Grant <[email protected]> wrote:
> I ran 'netstat -lp' on a system of mine and found a couple of strange > things. > > tcp 0 0 1.2.3.4.st:https *:* LISTEN > 2929/apache2 > udp 0 0 1.2.3.4.stat:ntp *:* > 3203/ntpd > > 1.2.3.4 is not the IP address that actually appeared, but I don't > recognize the one that did appear. An IP lookup says it is in the > Czech Republic and I'm in the US. I did a grep of my system looking > for the IP and found two recent "Relay access denied" messages in the > mail log from a sender with an email address like > "[email protected]" where myhost.com is my host's > domain. > > The other strange item was the following entry repeated over and over > under UNIX sockets: > > warning, got bogus unix line. > > Can anyone shed some light on either of these? I suspect your IP address is 4.3.2.1, and your ISP gives it a reverse DNS of 1.2.3.4.static.reverse.myhst.com. Try netstat -lpn
