Re: Strange network activity after updates

[Darren Baginski <kickbsd@yandex.ru>]

03.08.2012, 23:06, "Frank McCormick" <debianlist@videotron.ca>:
> Sorry first reply went to his email address -
>
> On 03/08/12 01:56 PM, Paul Zimmerman wrote:
>
>>  Today I downloaded a large group of updates, including Open Office and some dns-related utilities. Once they were applied,
>>  some strange network activity started on my machine. It keeps sending
>>  and receiving about 10-14k per second but I cannot find any programs
>>  that would be
>>  doing anything on the network. Trying to figure out what is going on,
>
> I installed iftop and it says there is a constant connection to
> 239.255.255.250 and various transient connections to sites like
> vc-in-f106-1e100.net --
> which turns out to be owned by Google --
> and other sites like something called activeminds.net.
>
> Activeminds.net is actually activeminds.de....an ISP in Germany
>
> I know the constant connection is a multicast address, but what is this
> other stuff?
> It looks like something is broken/misconfigured or an outright hack of
> the Debian repository has occurred and many Debian systems are now part
> of a botnet.
>
> Certainly hope not
>
> My Debian box is staying offline until I find out what is going on.
>

You would better publish tcpdump pcap file for analyses