为什么 kjournald 在“netstat”中出现了 700 次?

为什么 kjournald 在“netstat”中出现了 700 次?

据我所知,kjournald这不是一个网络程序,而是一个处理 EXT3 日志的程序(我在 Ubuntu 16.04 上运行 EXT4)。然而,运行时sudo netstap -tapn它出现了近 700 次,连接到意大利某家公司的 IP(bladerunner.consultingweb.it)。

$ sudo netstat -tapn | grep 195.128.235.204
tcp        0      0 192.168.10.2:40298      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:57720      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:51432      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:41414      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:40978      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:35624      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:39832      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:54744      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:58092      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:51320      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:34280      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:53338      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:51016      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:58592      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:34622      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:57781      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:32810      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:60852      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:38062      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:60430      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:57078      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:41574      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:51022      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:40004      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:58926      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:58840      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:44256      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:37728      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:56234      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:59458      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:32922      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:49780      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:38502      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:50161      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:57556      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:54720      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:57006      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:48682      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:46554      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:58090      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:38030      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:38719      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:56058      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:38986      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:44568      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:39028      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:56554      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:56598      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:45916      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:53928      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:34792      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:59738      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:35520      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:59982      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:53700      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:55614      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:56916      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:57932      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:53244      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:47948      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:57394      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:44556      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:60434      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:55224      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:56480      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:34782      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:48428      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:36124      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:37102      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:33032      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:52590      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:45902      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:44980      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:60040      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:35432      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:48280      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:46228      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:46508      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:45244      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:54024      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:55690      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:58760      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:58204      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:36384      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:35826      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:41240      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:35724      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:56584      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:40854      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:43338      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:51895      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:40430      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:41086      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:53172      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:36066      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:56060      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:55002      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:55236      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:49310      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:47750      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:36626      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:34086      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:55952      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:39652      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:54506      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:48116      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:46141      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:54170      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:39910      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:38612      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:36442      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:46938      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:51056      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:32866      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:49762      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:42960      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:43648      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:60578      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:45604      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:57336      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:60136      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:50864      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:53514      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:33970      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:49662      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:39208      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:49070      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:39336      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:60948      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:51636      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:45510      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:44562      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:44269      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:36108      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:53422      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:53904      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:50160      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:47702      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:58108      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:52148      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:57710      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:51468      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:52660      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:40262      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:38000      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:38718      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:43164      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:51926      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:57748      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:49084      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:36500      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:42730      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:42422      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:58998      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:33216      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:58696      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:52436      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:47180      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:50716      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:53922      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:33278      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:43736      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:51336      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:42176      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:57557      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:42606      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:39050      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:58302      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:48976      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:47338      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:33666      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:56760      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:42672      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:39714      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:40634      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:34132      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:58454      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:36868      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:35094      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:56484      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:60266      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:33218      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:52490      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:34398      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:36502      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:46528      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:53344      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:55416      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:56762      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:56990      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:45376      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:40574      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:45362      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:57274      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:39122      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:44852      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
tcp        0      0 192.168.10.2:60802      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]
...
etc


kaufman at timbuktu in ~ 
$ sudo netstat -tapn | grep 195.128.235.204 | wc -l
664

我真的不明白。这kjournald看起来不像是被篡改的可执行文件,而是某种内部工具,所以我不确定该怎么做:

$ cat /proc/20086/cmdline 
[kjournald]

我尝试了nmap一遍又telnet一遍的端口,但不明白它在做什么:

$ telnet 195.128.235.204 2525
Trying 195.128.235.204...
Connected to 195.128.235.204.
Escape character is '^]'.
NOTICE AUTH :*** Looking up your hostname...

第二次尝试

$ sudo nmap -p 2525 195.128.235.204

Starting Nmap 7.01 ( https://nmap.org ) at 2018-02-08 11:36 CET
Nmap scan report for bladerunner.consultingweb.it (195.128.235.204)
Host is up (0.042s latency).
PORT     STATE SERVICE
2525/tcp open  ms-v-worlds

Nmap done: 1 IP address (1 host up) scanned in 0.72 seconds

答案1

正如怀疑的那样,这是黑客攻击的结果。完整的事后分析可以在 GitHub 上找到,以及所有脚本和我发现的方式。

基本上:

# finding the process number
sudo netstap -tapn | grep kjournald
...
tcp        0      0 192.168.10.2:37126      195.128.235.204:2525    ESTABLISHED 20086/[kjournald]

# finding which executable is running under that process
sudo ls -lh /proc/20086/exe                                                                                                                                                                                                                                                             
lrwxrwxrwx 1 root root 0 feb.   8 15:56 /proc/20086/exe -> /var/tmp/32a1e380

# ehhh ... that seems weird
# goodbye
$ sudo rm /var/tmp/32a1e380*
$ sudo kill 20086

相关内容