On Fri, 03 Aug 2012 10:56:14 -0700, Paul Zimmerman wrote:

> Today I downloaded a large group of updates, including Open Office and
> some dns-related utilities. Once they were applied, some strange network
> activity started on my machine. It keeps sending and receiving about
> 10-14k per second but I cannot find any programs that would be doing
> anything on the network.

"netstat -putan" should give you some hints.

> Trying to figure out what is going on, I installed iftop and it says
> there is a constant connection to 239.255.255.250 and various transient
> connections to sites like vc-in-f106-1e100.net -- which turns out to be
> owned by Google -- and other sites like something called
> activeminds.net.

Are these inbound or outgoing connections? And what ports?

Anyway, at first glance I don't see anything suspicious about the
mentioned sites:

239.255.255.250 → SSDP/UPnP
1e100.net → Google stuff
activeminds.net → a German ISP

> I know the constant connection is a multicast address, but what is this
> other stuff? It looks like something is broken/misconfigured or an
> outright hack of the Debian repository has occurred and many Debian
> systems are now part of a botnet.

Linux as part of a botnet? That's a good one :-P

> My Debian box is staying offline until I find out what is going on.

That sounds a bit radical :-o

More information is needed to find out what's happening.

Greetings,

--
Camaleón
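
The questions raised in the reply above (which program owns each connection, is it inbound or outgoing, which ports) can be answered directly from "netstat -putan" output. The following is an added example, not part of the original message: it assumes netstat was run as root so the PID/Program column is filled in, uses a constructed sample with documentation-range addresses and made-up PIDs, and treats a connection as inbound when its local port also has a listening socket, which is a heuristic.

```python
import ipaddress

# Constructed sample of `netstat -putan` output (not taken from the thread).
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 192.0.2.20:22           192.0.2.5:50514         ESTABLISHED 2301/sshd: user
tcp        0      0 192.0.2.20:43512        203.0.113.10:443        ESTABLISHED 1984/firefox-bin
udp        0      0 192.0.2.20:51234        239.255.255.250:1900    ESTABLISHED 1731/rygel
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           640/avahi-daemon: r
"""

def parse(text):
    """Yield one dict per socket line; header lines are skipped."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith(("tcp", "udp")):
            continue
        rest = f[5:]
        # UDP rows often have an empty State column, so the next field is PID/Program.
        state = "" if rest[0] == "-" or "/" in rest[0] else rest.pop(0)
        lport = f[3].rsplit(":", 1)[1]
        faddr, fport = f[4].rsplit(":", 1)
        yield dict(proto=f[0][:3], state=state, lport=lport, faddr=faddr,
                   fport=fport, program=" ".join(rest) or "-")

def summarize(text):
    """Return (program, direction, peer, note) for every connected socket."""
    rows = list(parse(text))
    # Local ports with a listening/unconnected socket are services on this host.
    served = {(r["proto"], r["lport"]) for r in rows if r["fport"] == "*"}
    out = []
    for r in rows:
        if r["fport"] == "*":
            continue
        direction = "inbound" if (r["proto"], r["lport"]) in served else "outgoing"
        try:
            mcast = ipaddress.ip_address(r["faddr"]).is_multicast
        except ValueError:  # address truncated by netstat; rerun with -W
            mcast = False
        ssdp = (r["faddr"], r["fport"]) == ("239.255.255.250", "1900")
        note = "SSDP/UPnP" if ssdp else "multicast" if mcast else ""
        out.append((r["program"], direction, f'{r["proto"]} {r["faddr"]}:{r["fport"]}', note))
    return out

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print("{:<18} {:<9} {:<28} {}".format(*row))
```

To use it on a live system, pass the captured output of "netstat -putan" to summarize() in place of SAMPLE.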