-----BEGIN PGP SIGNED MESSAGE-----
This is one of the IP addresses of http.us.debian.org.
My ISP reports over a 1GB of data transfered from it to 184.108.40.206
which is one of my debian boxes (behind a NetBSD firewall).
I do not see anything strange about the box (but, I could be patched). I
just went to look to see if dpkg had some tripwire equivalent built in (not
that I can see so far) to verify the system.
When I went to update, that is when I discovered that 220.127.116.11 was
http.us.debian.org, since my tcpdump elsewhere showed it. I did install
another box (.26) on Monday.
The ports that my ISP's netflow logs report are all <1024. (On both ends)
Whether or not my box has been infiltrated is an open question.
Could 18.104.22.168 have been compromised?
(finger for PGP key)
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] firstname.lastname@example.org http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Comment: Processed by Mailcrypt 3.5.6, an Emacs/PGP interface
-----END PGP SIGNATURE-----