I have the following problem on one of my servers. I keep receiving lsm alerts for different ports. Like this:
This is an automated alert generated from . This alert is to
notify the addressed users of new server sockets. New server sockets can
indicate server-software that has been started on your host, or otherwise
be an indication to malicious activity. It is advised to review this alert
and investigate if needed.
Following is a summary of new Internet Server Sockets:
> tcp 0 0 server.ip:46917 0.0.0.0:* LISTEN -
> tcp 0 0 server.ip:46918 0.0.0.0:* LISTEN -
> tcp 0 0 server.ip:46921 0.0.0.0:* LISTEN -
> tcp 0 0 server.ip:46922 0.0.0.0:* LISTEN -
Following is a summary of a new Unix Domain Sockets:
no changes to Unix Domain Sockets
> tcp 0 0 server.ip:42799 0.0.0.0:* LISTEN 2964/italy006.jpg
> tcp 0 0 server.ip:33363 0.0.0.0:* LISTEN 2501/ny036.jpg
How can jpegs open ports?
Are these false alarms? Thank you!!