Re: Strange network activity after updates

To: debian-user@lists.debian.org
Subject: Re: Strange network activity after updates
From: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Sat, 4 Aug 2012 17:40:53 -0300
Message-id: <[🔎] 20120804204053.GA13433@khazad-dum.debian.net>
In-reply-to: <[🔎] jvjurj$dtf$6@dough.gmane.org>
References: <[🔎] 1344016574.51012.YahooMailNeo@web126102.mail.ne1.yahoo.com> <[🔎] jvjurj$dtf$6@dough.gmane.org>

On Sat, 04 Aug 2012, Camaleón wrote:
> > I know the constant connection is a multicast address, but what is this
> > other stuff? It looks like something is broken/misconfigured or an
> > outright hack of the Debian repository has occurred and many Debian
> > systems are now part of a botnet. 
> 
> Linux as part of a botnet? That's a good one :-P

Now, here I will have to step in.  No, it is not a good one.  Linux
nodes _are_ commonly co-opted to act as C&C for botnets.  And
browser-based ephemeral botnet nodes (in javascript, installed by
drive-by attacks) DO work in Linux.

> > My Debian box is staying offline until I find out what is going on.
> 
> That's sounds a bit radical :-o

It is actually a very responsible way of handling it.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to:

Follow-Ups:
- Re: Strange network activity after updates
  - From: Camaleón <noelamac@gmail.com>

References:
- Strange network activity after updates
  - From: Paul Zimmerman <aiwanar@yahoo.com>
- Re: Strange network activity after updates
  - From: Camaleón <noelamac@gmail.com>

Prev by Date: Re: switching ESC and CAP LOCK in xcfe
Next by Date: Re: Strange network activity after updates
Previous by thread: Re: Strange network activity after updates
Next by thread: Re: Strange network activity after updates
Index(es):
- Date
- Thread