How to detect which process is doing a port scan

security port linux-networking

I have Linux server running a unauthorized process (which I do not know the name of) which is doing a port scan from the server out to the internet.

How do I find out which process this is and kill it!

Thanks!


Look at the lsof output and track down the process that is opening a large number of possibly sequential port numbers.


If your system has been compromised there may be no possible way to identify and kill the process. Your only recourse may be to restart the machine from clean media and start your a scan/restore/rebuild.

See: Aftermath of a hack

Related

What is the best way to move site to new domain without losing google page rank
How to scan uploaded file for virus on linux?
Nameserver Checker
Run a pool of processes in shell
Improving VPN performance - stronger encryption = more performance?
Windows Server 2008 R2 - How do I change IIS Settings?
What is the best Solid State File System (SSDFS) for Linux?
Confused about setting up subversion
Grant account write access to specific attributes on Active Directory User object
Create kickstart configuration file from existing configuration
How to send Bulk email with SMTP server
What does the useragent "Mozilla/4.0 (compatible;)" mean?