netstat is showing a lot of unknown connections from different strange places. are they just attempt to establish connection? or is my server compromised? I've removed my local addresses from the log below:
STREAM CONNECTED 8353 P8352 [root@ns512646 ~]# netstat Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 s1.securityresearch.3:60000 ESTABLISHED tcp 0 0 hn.kd.ny.adsl:17353 ESTABLISHED tcp 0 0 s4.securityresearch.3:60000 ESTABLISHED tcp 0 0 s3.securityresearch.3:60000 ESTABLISHED tcp 0 0 hn.kd.ny.adsl:28534 ESTABLISHED tcp 0 0 s4.securityresearch.3:60000 ESTABLISHED
Best Answer
If you type netstat -na it will give you more details, you have server and you are not aware of what is connected to it.
Also, this is very basic request, referring to man netstat would have spared you to fire such request.