Re: Strange network activity after updates
03.08.2012, 23:06, "Frank McCormick" <firstname.lastname@example.org>:
> Sorry first reply went to his email address -
> On 03/08/12 01:56 PM, Paul Zimmerman wrote:
>> Today I downloaded a large group of updates, including Open Office and some dns-related utilities. Once they were applied,
>> some strange network activity started on my machine. It keeps sending
>> and receiving about 10-14k per second but I cannot find any programs
>> that would be
>> doing anything on the network. Trying to figure out what is going on,
> I installed iftop and it says there is a constant connection to
> 220.127.116.11 and various transient connections to sites like
> vc-in-f106-1e100.net --
> which turns out to be owned by Google --
> and other sites like something called activeminds.net.
> Activeminds.net is actually activeminds.de....an ISP in Germany
> I know the constant connection is a multicast address, but what is this
> other stuff?
> It looks like something is broken/misconfigured or an outright hack of
> the Debian repository has occurred and many Debian systems are now part
> of a botnet.
> Certainly hope not
> My Debian box is staying offline until I find out what is going on.
You would better publish tcpdump pcap file for analyses