IP 209.10.41.242
This is one of the IP addresses of http.us.debian.org.
My ISP reports over 1GB of data transferred from it to 192.139.46.28
which is one of my debian boxes (behind a NetBSD firewall).
I do not see anything strange about the box (but, I could be patched). I
just went to look to see if dpkg had some tripwire equivalent built in (not
that I can see so far) to verify the system.
When I went to update, that is when I discovered that 209.10.41.242 was
http.us.debian.org, since my tcpdump elsewhere showed it. I did install
another box (.26) on Monday.
The ports that my ISP's netflow logs report are all <1024. (On both ends)
Whether or not my box has been infiltrated is an open question.
Could 209.10.41.242 have been compromised?
(finger for PGP key)
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@sandelman.ottawa.on.ca http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [