
Re: Strange network activity after updates



On Fri, 03 Aug 2012 10:56:14 -0700, Paul Zimmerman wrote:

> Today I downloaded a large group of updates, including Open Office and
> some dns-related utilities. Once they were applied, some strange network
> activity started on my machine. It keeps sending and receiving about
> 10-14k per second but I cannot find any programs that would be doing
> anything on the network. 

"netstat -putan" should give you some hints.

> Trying to figure out what is going on, I installed iftop and it says
> there is a constant connection to 239.255.255.250 and various transient
> connections to sites like vc-in-f106-1e100.net -- which turns out to be
> owned by Google -- and other sites like something called
> activeminds.net. 

Are these inbound or outgoing connections? And what ports? 

Anyway, at a first glance I don't see anything suspicious about the 
mentioned sites:

239.255.255.250 → SSDP/UPnP
1e100.net → Google stuff
activeminds.net → a German ISP

> I know the constant connection is a multicast address, but what is this
> other stuff? It looks like something is broken/misconfigured or an
> outright hack of the Debian repository has occurred and many Debian
> systems are now part of a botnet. 

Linux as part of a botnet? That's a good one :-P

> My Debian box is staying offline until I find out what is going on.

That sounds a bit radical :-o

More information is needed to find out what's happening.

Greetings,

-- 
Camaleón
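
The triage this reply asks for (which program owns each connection, whether it is inbound or outgoing, and on what port), as an added example that is not part of the original message. It assumes the net-tools column layout of `netstat -putan`; the function names and the sample rows are constructed for illustration, and direction is inferred from whether the local port is one the host itself listens on.

```shell
#!/bin/sh
# Added example. Real use (as root, so PID/Program is filled in):
#   netstat -putan | classify_netstat

classify_netstat() {
  awk '
    function port(addr) { sub(/.*:/, "", addr); return addr }
    $1 ~ /^(tcp|udp)/ {
      # UDP rows often have an empty State column, so detect State by shape.
      if ($6 ~ /^[A-Z_0-9]+$/) prog = $7; else prog = $6
      if (prog == "") prog = "-"
      n++; proto[n] = $1; loc[n] = $4; rem[n] = $5; pr[n] = prog
      # A wildcard peer means this socket is a listener / bound service port.
      if ($5 ~ /:\*$/) listening[$1 ":" port($4)] = 1
    }
    END {
      for (i = 1; i <= n; i++) {
        if (rem[i] ~ /:\*$/) continue          # skip the listeners themselves
        key = proto[i] ":" port(loc[i])
        dir = (key in listening) ? "inbound" : "outgoing"
        note = (rem[i] ~ /^239\.255\.255\.250:1900$/) ? " SSDP/UPnP-multicast" : ""
        printf "%s %s lport=%s remote=%s prog=%s%s\n", \
               dir, proto[i], port(loc[i]), rem[i], pr[i], note
      }
    }'
}

# Constructed sample output (addresses and program names are made up).
sample_netstat() {
  cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 192.168.1.10:22         192.168.1.20:51514      ESTABLISHED 2301/sshd
tcp        0      0 192.168.1.10:45320      203.0.113.7:443         ESTABLISHED 1544/firefox
udp        0      0 0.0.0.0:1900            0.0.0.0:*                           1620/minissdpd
udp        0      0 192.168.1.10:38211      239.255.255.250:1900                1987/upnp-client
EOF
}

sample_netstat | classify_netstat
```

A row whose program column shows only `-` means netstat was not run with enough privilege to see the owning process.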

