Suspicious process mail every hour

hakabus

Member
Jul 21, 2008
Hi,

I get the below mail every hour, and I can't figure out why I get this message.

Any of you guys out there have an idea on this?

Is this something to worry about?

Time: Mon Aug 25 04:42:38 2008 +0200
PID: 3319
Account: nobody
Uptime: 1356716 seconds


Executable:

/usr/sbin/dnsmasq


Command Line (often faked in exploits):

/usr/sbin/dnsmasq --keep-in-foreground --strict-order --bind-interfaces --pid-file --conf-file --listen-address 192.168.122.1 --except-interface lo --dhcp-leasefile=/var/lib/libvirt/dhcp-default.leases --dhcp-range 192.168.122.2,192.168.122.254


Network connections by the process (if any):

udp: 0.0.0.0:32778 -> 0.0.0.0:0
tcp: 192.168.122.1:53 -> 0.0.0.0:0
udp: 192.168.122.1:53 -> 0.0.0.0:0
udp: 0.0.0.0:67 -> 0.0.0.0:0


Files open by the process (if any):

/dev/null
/dev/null
/dev/null
/var/lib/libvirt/dhcp-default.leases


Memory maps by the process (if any):

00280000-003c0000 r-xp 00000000 fd:00 2164248 /lib/i686/nosegneg/libc-2.5.so
003c0000-003c2000 r--p 00140000 fd:00 2164248 /lib/i686/nosegneg/libc-2.5.so
003c2000-003c3000 rw-p 00142000 fd:00 2164248 /lib/i686/nosegneg/libc-2.5.so
003c3000-003c6000 rw-p 003c3000 00:00 0
006c1000-006db000 r-xp 00000000 fd:00 2162704 /lib/ld-2.5.so
006db000-006dc000 r--p 00019000 fd:00 2162704 /lib/ld-2.5.so
006dc000-006dd000 rw-p 0001a000 fd:00 2162704 /lib/ld-2.5.so
00866000-00867000 r-xp 00866000 00:00 0 [vdso]
00ac7000-00ad0000 r-xp 00000000 fd:00 2164199 /lib/libnss_files-2.5.so
00ad0000-00ad1000 r--p 00008000 fd:00 2164199 /lib/libnss_files-2.5.so
00ad1000-00ad2000 rw-p 00009000 fd:00 2164199 /lib/libnss_files-2.5.so
08048000-08067000 r-xp 00000000 fd:00 3732889 /usr/sbin/dnsmasq
08067000-08069000 rw-p 0001e000 fd:00 3732889 /usr/sbin/dnsmasq
09272000-09293000 rw-p 09272000 00:00 0
b7fdd000-b7fde000 rw-p b7fdd000 00:00 0
b7ff6000-b7ff8000 rw-p b7ff6000 00:00 0
bf9fd000-bfa12000 rw-p bf9fd000 00:00 0 [stack]
 

SB-Nick

Well-Known Member
Aug 26, 2008
Hello,

dnsmasq is the service that allows DNS over NAT. Not sure why it's running on your cPanel box. I would recommend that you ask your System Admin about it, and if you are not using it you should disable it.
That would stop those mails from being sent to you.
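
A way to sanity-check an alert like the one quoted above before deciding whether to worry, as an added example that is not part of either post and not the logic of the tool that sent the mail. The function names and the three checks (argv[0] matches the executable, the executable is mapped from its file, no writable or anonymous executable mappings) are an assumed triage heuristic.

```python
import re
# Constructed sample: a shortened copy of the alert quoted in the first post.
SAMPLE_ALERT = """\
Executable:
/usr/sbin/dnsmasq
Command Line (often faked in exploits):
/usr/sbin/dnsmasq --keep-in-foreground --listen-address 192.168.122.1
Memory maps by the process (if any):
00280000-003c0000 r-xp 00000000 fd:00 2164248 /lib/i686/nosegneg/libc-2.5.so
00866000-00867000 r-xp 00866000 00:00 0 [vdso]
08048000-08067000 r-xp 00000000 fd:00 3732889 /usr/sbin/dnsmasq
"""

# One /proc/<pid>/maps line: range, perms, offset, dev, inode, optional path.
MAP_RE = re.compile(r"^[0-9a-f]+-[0-9a-f]+ (\S{4}) \S+ \S+ \d+ ?(.*)$")

def section(alert, title):
    """Return the non-empty lines under the heading that starts with `title`."""
    out, grab = [], False
    for line in alert.splitlines():
        if line.startswith(title):
            grab = True
        elif grab and line.endswith(":"):   # next heading ends the section
            break
        elif grab and line.strip():
            out.append(line.strip())
    return out

def triage(alert):
    """Return a list of findings; an empty list means the alert is self-consistent."""
    findings = []
    exe = (section(alert, "Executable") or [""])[0]
    argv0 = (section(alert, "Command Line") or [""])[0].split(" ")[0]
    if argv0 != exe:
        findings.append(f"argv[0] {argv0!r} differs from executable {exe!r}")
    exe_mapped = False
    for line in section(alert, "Memory maps"):
        m = MAP_RE.match(line)
        if not m or "x" not in m.group(1):
            continue                          # only executable mappings matter here
        perms, path = m.group(1), m.group(2).strip()
        exe_mapped = exe_mapped or path == exe
        if "w" in perms:
            findings.append(f"writable and executable mapping: {line}")
        if not path.startswith("/") and path != "[vdso]":
            findings.append(f"executable mapping without a backing file: {line}")
    if not exe_mapped:
        findings.append(f"{exe!r} is not mapped as executable code")
    return findings
```

An empty result only says the alert is internally consistent; whether dnsmasq should be running on the box at all is still the question the reply raises.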