
I ran the netstat command and I got a program with PID/program description as 3061/host. The protocol was udp. The local address was 0.0.0.0:37089. The foreign address was 0.0.0.0:*

Is there some place I can get pid information on the web?

Can you provide some information about using netstat to detect hacking?

Edit: I just found out that I have random connections to other hosts with PIDs including 512, 32404, 32353, 31509, 31123. It lasts for a short time, but so far it has never said that the connection state was established.

Here is an example:

udp        0      0 0.0.0.0:44848           0.0.0.0:*  20730/host               

1 Answer


You can use Wireshark to monitor and analyze network traffic.

You likely have some sort of abuse going on. There are several posts out there about /usr/bin/hosts being abused via PHP, like this one: https://serverfault.com/questions/705217/usr-bin-host-executed-by-hacked-php-script. Several posts I came across talk about WordPress and a vulnerable plugin that was installed.

rtaft
  • 1,825
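PIDs are assigned locally by the kernel, so they are resolved on the host itself rather than looked up online. The following is an added example, not part of the original question or answer: it maps netstat's PID/Program column to the executable, working directory and parent process via /proc. The function names, the overridable proc root, the list of web/PHP parent names, and the demo tree (apache2 parent, /var/www/html) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): resolve netstat's PID/Program
# column to the real executable and parent process via /proc.

# stdin: netstat -anp style lines. stdout: "proto local pid program" per socket.
netstat_owners() {
    awk '$1 ~ /^(tcp|udp)6?$/ {
        for (i = 5; i <= NF; i++) if ($i ~ /^[0-9]+\//) {
            split($i, a, "/"); print $1, $4, a[1], a[2]; next
        }
    }'
}

# $1 = PID, $2 = proc root (default /proc; overridable so the function can be
# pointed at a constructed tree, an assumption of this example).
describe_pid() {
    root=${2:-/proc}
    [ -d "$root/$1" ] || { echo "pid=$1 exited"; return 0; }
    exe=$(readlink "$root/$1/exe" 2>/dev/null) || exe='?'
    cwd=$(readlink "$root/$1/cwd" 2>/dev/null) || cwd='?'
    ppid=$(awk '$1 == "PPid:" { print $2 }' "$root/$1/status" 2>/dev/null) || ppid='?'
    parent=$(cat "$root/$ppid/comm" 2>/dev/null) || parent='?'
    # Parent names treated as web/PHP workers are an assumed list; adjust locally.
    case $parent in
        apache2|httpd|nginx|lighttpd|php*) verdict=REVIEW ;;
        *) verdict=ok ;;
    esac
    echo "pid=$1 exe=$exe cwd=$cwd ppid=$ppid parent=$parent verdict=$verdict"
}

# stdin: netstat output; $1 = optional proc root. One line per owning PID.
triage() {
    netstat_owners | awk '{ print $3 }' | sort -un | while read -r pid; do
        describe_pid "$pid" "${1:-/proc}"
    done
}

# Constructed demo: fake proc tree where PID 20730 (host) is a child of apache2;
# PID 3061 has no entry, as with a short-lived process that already exited.
demo() {
    d=$(mktemp -d) && mkdir -p "$d/20730" "$d/900"
    ln -s /usr/bin/host "$d/20730/exe"; ln -s /var/www/html "$d/20730/cwd"
    printf 'Name:\thost\nPPid:\t900\n' > "$d/20730/status"
    echo apache2 > "$d/900/comm"
    printf '%s\n' 'udp 0 0 0.0.0.0:44848 0.0.0.0:* 20730/host' \
                  'udp 0 0 0.0.0.0:37089 0.0.0.0:* 3061/host' | triage "$d"
    rm -rf "$d"
}
```

On a live host, run `netstat -anup | triage` as root so the PID/Program column is populated for processes owned by other users.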