On Mon, 06 Aug 2012, Paul Zimmerman wrote:
> I prefer the alternative. tcpdump is a much smaller package. :)
>
> So, I did this for several minutes and looked at the log. Doesn't
> look like it needs much technical expertise to interpret. The
> content of the packets is printed in plain text and
Henrique de Moraes Holschuh writes:
>Alternatively you may use 'tcpdump' instead of wireshark.
>Run "tcpdump -s 1600 -i any -w /tmp/output.tcpdump.bin
>host 239.255.255.250", and stop it with ^C after 5-10s.
>It will save the packet dump to /tmp/output.tcpdump.bin,
>which you should gzip or xz
On Sun, 05 Aug 2012 14:04:59 -0400, John L. Cunningham wrote:
> On Sun, Aug 05, 2012 at 03:20:01PM +, Camaleón wrote:
>> On Sun, 05 Aug 2012 11:51:53 -0300, Henrique de Moraes Holschuh wrote:
>> > On Sun, 05 Aug 2012, Camaleón wrote:
>> >> First, a server is usually managed by people that know
On Sun, Aug 05, 2012 at 03:20:01PM +, Camaleón wrote:
> On Sun, 05 Aug 2012 11:51:53 -0300, Henrique de Moraes Holschuh wrote:
> > On Sun, 05 Aug 2012, Camaleón wrote:
> >> First, a server is usually managed by people that know how this stuff
> >
> > This is not true anymore.
>
> Sure it is.
On Sun, 05 Aug 2012 11:51:53 -0300, Henrique de Moraes Holschuh wrote:
> On Sun, 05 Aug 2012, Camaleón wrote:
>> > We've cleaned up a few work. We are not sure how the payload got in
>> > (best guess: browser). I am not allowed to disclose any more data
>> > than this.
>>
>> What?! Are you say
On Sun, 05 Aug 2012, Camaleón wrote:
> On Sat, 04 Aug 2012 19:48:35 -0300, Henrique de Moraes Holschuh wrote:
> > On Sat, 04 Aug 2012, Camaleón wrote:
>
> >> I've never read about linux boxes being used as bots, can you please
> >> indicate any report/stats about that fact?
> >
> > We've cleaned
On Sat, 04 Aug 2012 19:48:35 -0300, Henrique de Moraes Holschuh wrote:
> On Sat, 04 Aug 2012, Camaleón wrote:
>> I've never read about linux boxes being used as bots, can you please
>> indicate any report/stats about that fact?
>
> We've cleaned up a few work. We are not sure how the payload go
On Sat, 04 Aug 2012, Camaleón wrote:
> On Sat, 04 Aug 2012 17:40:53 -0300, Henrique de Moraes Holschuh wrote:
> > On Sat, 04 Aug 2012, Camaleón wrote:
> >> > I know the constant connection is a multicast address, but what is
> >> > this other stuff? It looks like something is broken/misconfigured o
On Sat, 04 Aug 2012 17:40:53 -0300, Henrique de Moraes Holschuh wrote:
> On Sat, 04 Aug 2012, Camaleón wrote:
>> > I know the constant connection is a multicast address, but what is
>> > this other stuff? It looks like something is broken/misconfigured or
>> > an outright hack of the Debian reposi
On Sat, 04 Aug 2012, Paul Zimmerman wrote:
> JulHer writes:
>
> >239.255.255.250 maybe is SSDP
> >http://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol
> >The other stuff I don't know,
> That's a possibility, I guess. But it's not an intermittent
> or occasional thing. And it doesn
On Sat, 04 Aug 2012, Camaleón wrote:
> > I know the constant connection is a multicast address, but what is this
> > other stuff? It looks like something is broken/misconfigured or an
> > outright hack of the Debian repository has occurred and many Debian
> > systems are now part of a botnet.
>
>
On Fri, 03 Aug 2012 10:56:14 -0700, Paul Zimmerman wrote:
> Today I downloaded a large group of updates, including Open Office and
> some dns-related utilities. Once they were applied, some strange network
> activity started on my machine. It keeps sending and receiving about
> 10-14k per second b
JulHer writes:
>239.255.255.250 maybe is SSDP
>http://en.wikipedia.org/wiki/Simple_Service_Discovery_Protocol
>The other stuff I don't know,
That's a possibility, I guess. But it's not an intermittent
or occasional thing. And it doesn't run for a bit and then
stop. This is a constant 10-
Good time of the day, Paul.
You wrote:
> My Debian box is staying offline until I find out what is going on.
You can simply allow only desired output traffic - rather than staying
off line - until You solve Your problem OR everafter.
Sthu.
On Fri, 03-08-2012 at 10:56 -0700, Paul Zimmerman wrote:
> I installed iftop and it says there is a constant connection to
> 239.255.255.250 and various transient connections to sites like
> vc-in-f106-1e100.net -- which turns out to be owned by Google -- and
> other sites like something call
03.08.2012, 23:06, "Frank McCormick" :
> Sorry first reply went to his email address -
>
> On 03/08/12 01:56 PM, Paul Zimmerman wrote:
>
>> Today I downloaded a large group of updates, including Open Office and some
>> dns-related utilities. Once they were applied,
>> some strange network acti
Sorry first reply went to his email address -
On 03/08/12 01:56 PM, Paul Zimmerman wrote:
> Today I downloaded a large group of updates, including Open Office and some
> dns-related utilities. Once they were applied,
> some strange network activity started on my machine. It keeps sending
> and re
Today I downloaded a large group of updates, including Open Office and some
dns-related utilities. Once they were applied, some strange network activity
started on my machine. It keeps sending and receiving about 10-14k per second
but I cannot find any programs that would be doing anything on th
18 matches