
Actually, I have a CentOS 8 server which is executing a brute force attack on other servers. But I have no idea what application or process is performing this attack.

I wish to know if there's any tool which allows me to see all outgoing addresses, along with the associated process name and a timestamp.

It would be better if this could be viewed through a log file, as I don't know when the brute force attack will be launched. Once I get notified about the brute force, I'll then check the log file to find the root process.

  • The general consensus is that when your server has been thoroughly compromised, you can't rely on tools running on that compromised server to report correctly what's happening on your server. Second, identifying the process that does the attacking may not help you identify how the server was compromised in the first place, won't fix the original vulnerability, and won't fix any potential backdoors that were installed after the initial compromise. – HBruijn Dec 14 '23 at 11:53
  • Well, some actions were taken to harden the security, like strengthening the firewall policies/access, and we ran a scan on the server. We did not receive any alert since then. – Keshav Boodhun Dec 14 '23 at 12:54

0 Answers