22 Apr
Linux automated SMB connection attempts: has my server been compromised?
We have a Linux server running CentOS 7. A few days ago we found out that it has started continuously attempting to connect to a Windows server share via port 445 using a certain user's AD credentials. Every 2-3 seconds there is a SYN_SENT request.
I am trying to find out what process is doing this, but netstat and ss don't show any PID info for this. What can I do to find out the cause of this?
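One way to attribute the SYN_SENT sockets described in the question, as an added example that is not part of the original post: read the `/proc/net/tcp` table directly, keep rows in state `02` (SYN_SENT) with remote port 445, and match each socket inode against `/proc/<pid>/fd`. It assumes IPv4, a little-endian host, and root privileges; the sample table and the function names are constructed for illustration.

```python
import glob, os, re, socket, struct

SYN_SENT = "02"  # TCP state code used in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 17001 1 0000000000000000 100 0 0 10 0
   1: 0A01A8C0:C350 1401A8C0:01BD 02 00000001:00000000 01:00000064 00000001     0        0 48213 2 0000000000000000 1000 0 0 10 -1
   2: 0A01A8C0:D2F0 1401A8C0:01BD 02 00000001:00000000 01:00000064 00000000  1000        0 48377 2 0000000000000000 1000 0 0 10 -1
"""

def decode(addr):
    """Turn 'HEXIP:HEXPORT' (IPv4, little-endian host) into (ip, port)."""
    ip_hex, port_hex = addr.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def syn_sent_to(table, port=445):
    """Return SYN_SENT rows whose remote port matches, with uid and inode."""
    hits = []
    for line in table.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != SYN_SENT:
            continue
        remote = decode(f[2])
        if remote[1] == port:
            hits.append({"local": decode(f[1]), "remote": remote,
                         "uid": int(f[7]), "inode": int(f[9])})
    return hits

def inode_owners():
    """Map socket inode -> PIDs holding it, from /proc/<pid>/fd (run as root)."""
    owners = {}
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(fd))
        except OSError:
            continue  # process or fd went away, or permission denied
        if m:
            owners.setdefault(int(m.group(1)), set()).add(int(fd.split("/")[2]))
    return owners

def attribute(hits, owners):
    """Attach owning PIDs; an empty list means no process fd refers to the socket."""
    return [dict(h, pids=sorted(owners.get(h["inode"], ()))) for h in hits]

if __name__ == "__main__":
    table = open("/proc/net/tcp").read() if os.path.exists("/proc/net/tcp") else SAMPLE
    for row in attribute(syn_sent_to(table), inode_owners()):
        print(row)
```

An empty `pids` list means no process file descriptor refers to the socket, which is when ss and netstat have no PID to show; the `uid` column still names the account that owns the socket. Because each attempt is short-lived, the check needs to run in a loop to catch one.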