03.08.2012, 23:06, "Frank McCormick" <debianl...@videotron.ca>: > Sorry first reply went to his email address - > > On 03/08/12 01:56 PM, Paul Zimmerman wrote: > >> Today I downloaded a large group of updates, including Open Office and some >> dns-related utilities. Once they were applied, >> some strange network activity started on my machine. It keeps sending >> and receiving about 10-14k per second but I cannot find any programs >> that would be >> doing anything on the network. Trying to figure out what is going on, > > I installed iftop and it says there is a constant connection to > 239.255.255.250 and various transient connections to sites like > vc-in-f106-1e100.net -- > which turns out to be owned by Google -- > and other sites like something called activeminds.net. > > Activeminds.net is actually activeminds.de....an ISP in Germany > > I know the constant connection is a multicast address, but what is this > other stuff? > It looks like something is broken/misconfigured or an outright hack of > the Debian repository has occurred and many Debian systems are now part > of a botnet. > > Certainly hope not > > My Debian box is staying offline until I find out what is going on. >
You would better publish tcpdump pcap file for analyses -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/732811344021...@web30f.yandex.ru