<[EMAIL PROTECTED]> was rumoured to say:
On Thu, Jun 26, 2008 at 4:21 PM, Chris Downie <[EMAIL PROTECTED]> wrote:
Presumably I now need to run netstat again when it's downloading to see what
extra is happening.
yes, and/or some of the other solutions posted.
The doomsayers may be right, but there may also be a simpler and more
benign answer :-)
netstat run whilst downloading:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address      Foreign Address      State        PID/Program name
tcp   0      0      0.0.0.0:515        0.0.0.0:*            LISTEN       3748/inetd
tcp   0      0      127.0.0.1:5318     0.0.0.0:*            LISTEN       3670/python
tcp   0      0      127.0.0.1:4774     0.0.0.0:*            LISTEN       3663/hpiod
tcp   0      0      0.0.0.0:20012      0.0.0.0:*            LISTEN       3748/inetd
tcp   0      0      127.0.0.1:783      0.0.0.0:*            LISTEN       3695/spamd.pid
tcp   0      0      0.0.0.0:631        0.0.0.0:*            LISTEN       4598/cupsd
tcp   0      0      0.0.0.0:7741       0.0.0.0:*            LISTEN       3752/lisa
tcp   0      0      127.0.0.1:4774     127.0.0.1:3357       ESTABLISHED  3663/hpiod
tcp   1      0      127.0.0.1:3874     127.0.0.1:631        CLOSE_WAIT   3670/python
tcp   1      0      127.0.0.1:3875     127.0.0.1:631        CLOSE_WAIT   3670/python
tcp   0      0      127.0.0.1:3357     127.0.0.1:4774       ESTABLISHED  3670/python
tcp   0      0      192.168.0.2:4554   117.104.160.194:80   ESTABLISHED  11097/freshclam
tcp   0      0      192.168.0.2:3969   203.57.145.2:80      ESTABLISHED  9075/opera
So possibly a script giving clamav free rein?
I ran chkrootkit with nothing untoward found.
Cheers,
Chris
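
Added example, not part of the original message: a small Python triage of a netstat listing like the one above, which tolerates rows that a mail client has wrapped across lines and reports the listeners bound to every interface and the processes holding connections to non-local hosts. The function names are assumptions of this example, and the sample rows are copied from the message.

```python
import ipaddress

# Rows taken from the listing in the message, kept in mail-wrapped form.
SAMPLE = """\
tcp 0 0 0.0.0.0:515
0.0.0.0:* LISTEN 3748/inetd
tcp 0 0 127.0.0.1:5318
0.0.0.0:* LISTEN 3670/python
tcp 0 0 0.0.0.0:631
0.0.0.0:* LISTEN 4598/cupsd
tcp 0 0 192.168.0.2:4554
117.104.160.194:80 ESTABLISHED 11097/freshclam
tcp 0 0 192.168.0.2:3969
203.57.145.2:80 ESTABLISHED 9075/opera
"""

def parse(text):
    """Rejoin wrapped rows: a new socket row starts at each protocol token."""
    rows = []
    for tok in text.split():
        if tok in ("tcp", "tcp6"):
            rows.append([tok])
        elif rows:
            rows[-1].append(tok)  # header tokens before the first row are skipped
    socks = []
    for r in rows:
        if len(r) < 7:
            continue  # truncated row, nothing reliable to report
        pid, _, prog = r[6].partition("/")
        lhost, _, lport = r[3].rpartition(":")
        fhost, _, fport = r[4].rpartition(":")
        socks.append(dict(lhost=lhost, lport=lport, fhost=fhost, fport=fport,
                          state=r[5], pid=pid, prog=prog))
    return socks

def wildcard_listeners(socks):
    """Listening sockets bound to every interface rather than to loopback."""
    return sorted((int(s["lport"]), s["prog"]) for s in socks
                  if s["state"] == "LISTEN" and s["lhost"] in ("0.0.0.0", "::"))

def external_peers(socks):
    """Established connections whose peer is neither loopback nor private."""
    est = [(s, ipaddress.ip_address(s["fhost"])) for s in socks if s["state"] == "ESTABLISHED"]
    return [(s["prog"], s["pid"], s["fhost"], int(s["fport"])) for s, ip in est
            if not (ip.is_loopback or ip.is_private)]
```

On the sample rows this singles out freshclam and opera as the only processes talking to outside hosts, and inetd and cupsd as the services listening on all interfaces.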