-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 21.01.2012 01:12, Grant wrote:
>>> If the machine is running linux, then 'watch "lsof -n|grep
>>> TCP|grep 3680"' as root is a sloppy but effective way to find
>>> it. There's probably some way to set up a firewall rule on the
>>> host in question that logs out the user and (possibly) PID of
>>> the connection, but I don't know.
>> 
>> "lsof -i" is easier, it only shows network connections :)
>> 
>> catching it when it happens (if it is very briefly connected)
>> could be hard with lsof... Maybe setup a tarpit firewall rule on
>> that box so the connection stays open for a long time.
> 
> The connections are only attempted a few times throughout the day.
> Is a tarpit firewall rule the only way to do this?  Can anyone tell
> me what package 'watch' belongs to if that would work?
> 
> - Grant
> 
I get:

equery b watch
 * Searching for watch ...
net-irc/irssi-0.8.15-r1 (/usr/share/irssi/help/watch)
sys-process/procps-3.2.8_p11 (/usr/bin/watch)
x11-themes/gnome-themes-standard-3.3.4
(/usr/share/cursors/xorg-x11/Adwaita/cursors/watch)

First and third can be ruled out, I think. So one candidate remains:

sys-process/procps
     Available versions:  3.2.8 (~)3.2.8-r1 3.2.8-r2 (~)3.2.8_p10-r1
3.2.8_p11 {unicode}
     Installed versions:  3.2.8_p11(00:15:18 22.12.2011)(unicode)
     Homepage:            http://procps.sourceforge.net/
     Description:         Standard informational utilities and
process-handling tools
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJPGghBAAoJEJwwOFaNFkYc22gH/1hx7MQb/exllk3GhkQSQes/
P6XFg/8dJy3Kag0FReAN/xN6or9SHPHXgUiVUsN+XIYV6Vt94Gbm/ZUHfwkzckJG
DP3/z+pQ0E0+xle32Gabo5Hpt47chgzsThdyghVkWVefMqQdkJwJPGwHcQ3yCzC5
LIXgZzmKoPUx5I9BaFnl/KkxRGbtTDYieWdpaxkOPjHiMZ+8wDPO6XDfhSggJPdR
4hMFik2B/04s7OTlqA9Qfvk1PZszSPnFN5t4Ick1PHwi/ZesobJGR5eeBlUfq5av
Y9STFvDojCAo3Mjf2IiXWCP8j8Fs9e7ToXvwmhn55t4XjS0v9Y+qhq8B3IsSl7o=
=gaPQ
-----END PGP SIGNATURE-----

Reply via email to