Re: Strange network activity after updates
On Sat, 04 Aug 2012, Camaleón wrote:
> > I know the constant connection is a multicast address, but what is this
> > other stuff? It looks like something is broken/misconfigured or an
> > outright hack of the Debian repository has occurred and many Debian
> > systems are now part of a botnet.
>
> Linux as part of a botnet? That's a good one :-P
Now, here I will have to step in. No, it is not a good one. Linux
nodes _are_ commonly co-opted to act as C&C for botnets. And
browser-based ephemeral botnet nodes (in javascript, installed by
drive-by attacks) DO work in Linux.
> > My Debian box is staying offline until I find out what is going on.
>
> That's sounds a bit radical :-o
It is actually a very responsible way of handling it.
--
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot
Henrique Holschuh
Reply to: