Hello all! i've already tried to find answer by searching usenet, but no results. my problem is: I have my debian 3.1 sarge linux as 24/7 router/server etc. some day i found some strange activity. there was a process called "barbut" (2 of them) using 49,2% CPU time each :O meanwhile netstat showed established connections to 195.73.177.146:666
- several waiting. I have no idea where did this process come from. Any clues? this is whay ps -A printed serwer:~# ps -A PID TTY TIME CMD 1 ? 00:00:02 init 2 ? 00:00:00 keventd 3 ? 00:00:00 ksoftirqd_CPU0 4 ? 00:00:00 kswapd 5 ? 00:00:00 bdflush 6 ? 00:00:00 kupdated 99 ? 00:00:01 kjournald 295 ? 00:00:00 kcopyd 297 ? 00:00:00 kmirrord 498 ? 00:00:00 khubd 1267 ? 00:00:04 dhclient 1801 ? 00:00:01 syslogd 1807 ? 00:00:00 klogd 1851 ? 00:00:00 postmaster 1856 ? 00:00:00 postmaster 1857 ? 00:00:00 postmaster 1883 ? 00:00:00 courierlogger 1884 ? 00:00:00 authdaemond 1898 ? 00:00:00 authdaemond 1899 ? 00:00:00 authdaemond 1900 ? 00:00:00 authdaemond 1901 ? 00:00:00 authdaemond 1902 ? 00:00:00 authdaemond 1906 ? 00:00:00 cupsd 1916 ? 00:00:00 dhcpd 1948 ? 00:00:00 mysqld_safe 1985 ? 00:00:00 mysqld 1986 ? 00:00:00 logger 1987 ? 00:00:00 mysqld 1988 ? 00:00:00 mysqld 1989 ? 00:00:00 mysqld 1990 ? 00:00:00 mysqld 1991 ? 00:00:00 mysqld 2002 ? 00:00:00 mysqld 2003 ? 00:00:00 mysqld 2004 ? 00:00:00 mysqld 2005 ? 00:00:00 mysqld 2008 ? 00:00:00 mysqld 2046 ? 00:00:00 inetd 2112 ? 00:00:00 master 2121 ? 00:00:00 qmgr 2122 ? 00:00:02 nmbd 2123 ? 00:00:00 nmbd 2125 ? 00:00:00 smbd 2138 ? 00:00:00 smbd 2141 ? 00:00:00 sshd 2209 ? 00:00:00 ntpd 2228 ? 00:00:00 atd 2235 ? 00:00:00 cron 2256 ? 00:00:00 apache-ssl 2312 tty1 00:00:00 getty 2313 tty2 00:00:00 getty 2314 tty3 00:00:00 getty 2315 tty4 00:00:00 getty 2316 tty5 00:00:00 getty 2317 tty6 00:00:00 getty
any strange processes? or something i should look for?