Re: Strange network activity after updates
On Fri, 03 Aug 2012 10:56:14 -0700, Paul Zimmerman wrote:
> Today I downloaded a large group of updates, including Open Office and
> some dns-related utilities. Once they were applied, some strange network
> activity started on my machine. It keeps sending and receiving about
> 10-14k per second but I cannot find any programs that would be doing
> anything on the network.
"netstat -putan" should give you some hints.
> Trying to figure out what is going on, I installed iftop and it says
> there is a constant connection to 18.104.22.168 and various transient
> connections to sites like vc-in-f106-1e100.net -- which turns out to be
> owned by Google -- and other sites like something called
Are these inbound or outgoing connections? And what ports?
Anyway, at first glance I don't see anything suspicious about the
22.214.171.124 → SSDP/UPnP
1e100.net → Google stuff
activeminds.net → a German ISP
> I know the constant connection is a multicast address, but what is this
> other stuff? It looks like something is broken/misconfigured or an
> outright hack of the Debian repository has occurred and many Debian
> systems are now part of a botnet.
Linux as part of a botnet? That's a good one :-P
> My Debian box is staying offline until I find out what is going on.
That sounds a bit radical :-o
More information is needed to find out what's happening.
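
One way to answer the two questions raised in the reply above (inbound or outgoing, and which ports) from `netstat -putan` output. This is an added example, not part of the original message: the sample output is constructed with documentation addresses, and treating a connection as inbound when its local port has a listener on the same host is a heuristic.

```python
# Added example: label each `netstat -putan` row with a remote peer as inbound or outbound.
TCP_STATES = {"LISTEN", "ESTABLISHED", "SYN_SENT", "SYN_RECV", "FIN_WAIT1",
              "FIN_WAIT2", "TIME_WAIT", "CLOSE", "CLOSE_WAIT", "LAST_ACK",
              "CLOSING"}

# Constructed sample output (not taken from the original post).
SAMPLE = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED 2290/sshd: admin
tcp        0      0 192.0.2.10:43822        203.0.113.80:443        ESTABLISHED 1934/firefox-bin
tcp        0      0 192.0.2.10:40112        203.0.113.25:80         TIME_WAIT   -
udp        0      0 0.0.0.0:1900            0.0.0.0:*                           1502/minissdpd
udp        0      0 192.0.2.10:49152        203.0.113.53:53         ESTABLISHED 977/dnsmasq
"""

def parse(text):
    """Yield (proto, local, foreign, state, owner) for each socket row."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or not f[0].startswith(("tcp", "udp")):
            continue  # header lines
        rest = f[5:]
        # UDP rows usually have an empty State column, so the owner comes first.
        state = rest.pop(0) if rest[0] in TCP_STATES else ""
        # f[0][:3] folds tcp6/udp6 into tcp/udp; owner "-" means no visible process.
        yield f[0][:3], f[3], f[4], state, " ".join(rest) or "-"

def classify(text):
    """Return [(direction, proto, local_port, peer, owner)] for rows with a peer."""
    rows = list(parse(text))
    # Ports this host serves: TCP listeners and unconnected UDP sockets.
    serving = {(p, loc.rsplit(":", 1)[1]) for p, loc, fgn, st, _ in rows
               if st == "LISTEN" or fgn.endswith(":*")}
    out = []
    for proto, local, foreign, state, owner in rows:
        if foreign.endswith(":*"):
            continue  # a listener, no remote peer yet
        lport = local.rsplit(":", 1)[1]
        direction = "inbound" if (proto, lport) in serving else "outbound"
        out.append((direction, proto, lport, foreign, owner))
    return out

if __name__ == "__main__":
    for row in classify(SAMPLE):
        print(*row)
```

Rows whose owner is `-` are sockets with no visible process (for example TIME_WAIT entries, or any socket when netstat is run without root), so run it as root before reading anything into them.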