
Re: Strange network activity after updates



On Sat, 04 Aug 2012 17:40:53 -0300, Henrique de Moraes Holschuh wrote:

> On Sat, 04 Aug 2012, Camaleón wrote:
>> > I know the constant connection is a multicast address, but what is
>> > this other stuff? It looks like something is broken/misconfigured or
>> > an outright hack of the Debian repository has occurred and many
>> > Debian systems are now part of a botnet.
>> 
>> Linux as part of a botnet? That's a good one :-P
> 
> Now, here I will have to step in.  No, it is not a good one.  Linux
> nodes _are_ commonly co-opted to act as C&C for botnets.  And
> browser-based ephemeral botnet nodes (in JavaScript, installed by
> drive-by attacks) DO work in Linux.

I've never read about Linux boxes being used as bots. Can you please 
indicate any report/stats about that fact?

(and please, do not put Linux *servers* in the same bag; I speak here 
about Linux *desktops*, not computers with open ports and running 
out-of-date and unpatched software)

>> > My Debian box is staying offline until I find out what is going on.
>> 
>> That sounds a bit radical :-o
> 
> It is actually a very responsible way of handling it.

With the given data? Running Debian? Behind a home router, which usually 
comes by default with NAT and firewall enabled? I don't think so. Really.

Greetings,

-- 
Camaleón

