Centos7 weird problem

tomx
Posts: 1
Joined: 2017/05/13 13:41:57

Centos7 weird problem

Post by tomx » 2017/05/13 13:46:51

Hello, I'm new to the CentOS 7 world and I have some problems with my home server.
Yesterday I noticed some hangs on my LAN and found that my CentOS server is the issue.

System monitor shows that I'm sending 20 MiS every 3 min... I can't find what I'm sending...

I installed nethogs and I can see a lot of this - how can I find which program is causing this... any idea?
SEND RECEIVED
? root 192.168.1.110:56698-103.198.74.56:7011 0.000 0.000 KB/sec
? root 192.168.1.110:17632-103.198.74.56:7011 0.000 0.000 KB/sec
? root 192.168.1.110:29242-103.198.74.56:7011 0.000 0.000 KB/sec
? root 192.168.1.110:53321-103.198.74.56:7011 0.000 0.000 KB/sec
? root 192.168.1.110:50745-103.198.74.56:7011 0.000 0.000 KB/sec
? root 192.168.1.110:24-103.198.74.56:7011 0.000 0.000 KB/sec
? root 192.168.1.110:56941-103.198.74.56:7011 0.000 0.000 KB/sec
? root 192.168.1.110:6997-103.198.74.56:7011 0.000 0.000 KB/sec
? root 192.168.1.110:49576-103.198.74.56:7011 0.000 0.000 KB/sec
? root 192.168.1.110:25847-103.198.74.56:7011 0.000 0.000 KB/sec
? root 192.168.1.110:8335-103.198.74.56:7011 0.000 0.000 KB/sec
? root 192.168.1.110:12327-103.198.74.56:7011 0.000 0.000 KB/sec
? root 192.168.1.110:63844-103.198.74.56:7011 0.000 0.000 KB/sec
? root 192.168.1.110:27959-103.198.74.56:7011 0.000 0.000 KB/sec
? root 192.168.1.110:16414-103.198.74.56:7011 0.000 0.000 KB/sec
? root 192.168.1.110:268-103.198.74.56:7011 0.000 0.000 KB/sec
? root 192.168.1.110:61635-103.198.74.56:7011 0.000 0.000 KB/sec
? root 192.168.1.110:64899-103.198.74.56:7011 0.000 0.000 KB/sec
? root 192.168.1.110:45735-103.198.74.56:7011 0.000 0.000 KB/sec
? root 192.168.1.110:61775-103.198.74.56:7011 0.000 0.000 KB/sec
? root 192.168.1.110:19831-103.198.74.56:7011 0.000 0.000 KB/sec
? root 192.168.1.110:30219-103.198.74.56:7011 0.000 0.000 KB/sec
? root 192.168.1.110:15571-103.198.74.56:7011 0.000 0.000 KB/sec
? root 192.168.1.110:34442-103.198.74.56:7011 0.000 0.000 KB/sec

After 3 mins again...
? root 192.168.1.110:66-103.36.209.167:7006 0.000 0.000 KB/sec
? root 192.168.1.110:16297-103.36.209.167:7006 0.000 0.000 KB/sec
? root 192.168.1.110:14456-103.36.209.167:7006 0.000 0.000 KB/sec
? root 192.168.1.110:64379-103.36.209.167:7006 0.000 0.000 KB/sec
? root 192.168.1.110:27332-103.36.209.167:7006 0.000 0.000 KB/sec
? root 192.168.1.110:61102-103.36.209.167:7006 0.000 0.000 KB/sec
? root 192.168.1.110:38290-103.36.209.167:7006 0.000 0.000 KB/sec
? root 192.168.1.110:47104-103.36.209.167:7006 0.000 0.000 KB/sec
? root 192.168.1.110:38549-103.36.209.167:7006 0.000 0.000 KB/sec
? root 192.168.1.110:29522-103.36.209.167:7006 0.000 0.000 KB/sec
? root 192.168.1.110:39202-103.36.209.167:7006 0.000 0.000 KB/sec
? root 192.168.1.110:29044-103.36.209.167:7006 0.000 0.000 KB/sec
? root 192.168.1.110:51285-103.36.209.167:7006 0.000 0.000 KB/sec
? root 192.168.1.110:58192-103.36.209.167:7006 0.000 0.000 KB/sec
? root 192.168.1.110:60967-103.36.209.167:7006 0.000 0.000 KB/sec
? root 192.168.1.110:19414-103.36.209.167:7006 0.000 0.000 KB/sec
? root 192.168.1.110:27466-103.36.209.167:7006 0.000 0.000 KB/sec
? root 192.168.1.110:30869-103.36.209.167:7006 0.000 0.000 KB/sec
? root 192.168.1.110:30825-103.36.209.167:7006 0.000 0.000 KB/sec
? root 192.168.1.110:46198-103.36.209.167:7006 0.000 0.000 KB/sec
? root 192.168.1.110:44771-103.36.209.167:7006 0.000 0.000 KB/sec
? root 192.168.1.110:43778-103.36.209.167:7006 0.000 0.000 KB/sec
? root 192.168.1.110:8697-103.36.209.167:7006 0.000 0.000 KB/sec
? root 192.168.1.110:9393-103.36.209.167:7006 0.000 0.000 KB/sec
? root 192.168.1.110:8192-103.36.209.167:7006 0.000 0.000 KB/sec
? root 192.168.1.110:28868-103.36.209.167:7006 0.000 0.000 KB/sec
? root 192.168.1.110:14493-103.36.209.167:7006 0.000

TrevorH
Site Admin
Posts: 33218
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Centos7 weird problem

Post by TrevorH » 2017/05/13 15:10:47

Unless you've installed something that wants to talk a lot to an IP address in China then I suspect you've been hacked. Both 103.36.209.167 and 103.198.74.56 are in whois as residing in China. Take the machine offline, back up any of your own data and reinstall. Make sure you get yourself up to date ASAP after the reinstall by running yum update and be careful when you restore any of your data and make sure that it is not the source of the compromise.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
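
On the question in the first post (which program owns the connections that nethogs lists under `?`): on Linux, each row of /proc/net/tcp carries a socket inode, and the process holding that socket has a `socket:[inode]` link under /proc/<pid>/fd. The script below is an added example, not code from either poster; its function names and the SAMPLE table are constructed for illustration, and the address decoding assumes a little-endian (x86) host.

```python
import glob, os, socket, struct

# Constructed sample in /proc/net/tcp layout (not from the poster's machine):
# row 0 is an SSH listener, row 1 a SYN_SENT flow to 103.198.74.56:7011.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 15432 1 0000000000000000 100 0 0 10 0
   1: 6E01A8C0:DD7A 384AC667:1B63 02 00000001:00000000 01:00000064 00000002     0        0 28871 2 0000000000000000 100 0 0 10 0
"""

def _endpoint(field):
    """'6E01A8C0:DD7A' -> ('192.168.1.110', 56698); the IP is byte-swapped hex."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def parse_tcp_table(text):
    """Return [(local, remote, state_hex, inode)] for every socket row."""
    rows = []
    for line in text.splitlines()[1:]:            # first line is the header
        f = line.split()
        if len(f) >= 10:                          # f[9] is the inode column
            rows.append((_endpoint(f[1]), _endpoint(f[2]), f[3], int(f[9])))
    return rows

def inodes_for_remote(rows, remote_ip):
    """Socket inodes of all connections whose peer address is remote_ip."""
    return {inode for _, (ip, _), _, inode in rows if ip == remote_ip}

def owners(inodes, proc="/proc"):
    """Map inode -> [(pid, exe)] via /proc/<pid>/fd links; run as root."""
    found = {i: [] for i in inodes}
    for fd in glob.glob(os.path.join(proc, "[0-9]*", "fd", "*")):
        pid = fd.split(os.sep)[-3]
        try:
            target = os.readlink(fd)              # e.g. 'socket:[28871]'
        except OSError:
            continue                              # fd closed or process exited
        if target.startswith("socket:[") and int(target[8:-1]) in found:
            exe = os.path.realpath(os.path.join(proc, pid, "exe"))
            found[int(target[8:-1])].append((int(pid), exe))
    return found

if __name__ == "__main__":
    with open("/proc/net/tcp") as fh:
        rows = parse_tcp_table(fh.read())
    print(owners(inodes_for_remote(rows, "103.198.74.56")))
```

An inode that maps to an empty list means no process currently holds a file descriptor for that socket.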
