On 15/06/17 14:13, Ted Unangst wrote: > Maurice McCarthy wrote: > > Hi, > > > > $ xauth list > > ... > > advancedsearch.virginmedia.com:0 MIT-MAGIC-COOKIE-1 > > f3aa08ed0926482c51f5cb386e28a0ea > > > > > > Virgin Media is my ISP. Is this an intrusion into my system please? I > > ran xauth remove ... just for the sake of it anyhow. > > well, even if it wasn't, you just posted the secret key to a public list, so > probably wise to remove it anyway. :)
Thanks to all that have replied and apologies for the slow response. Had to attend to more urgent matters. (Lost the blessed terrestrial TV signal!) To TedU, Ooops! ... Well, I moved the .Xauthority file aside and restarted X to create a new one. Obviously it has one line with my hostname in it. But $ xauth list fresh.yem/unix:0 MIT-MAGIC-COOKIE-1 ... advancedsearch.virginmedia.com:0 MIT-MAGIC-COOKIE-1 ... And only now did I notice that the magic cookie is identical for both entries. This mystifies me. (BTW apparently Virgin has historically used a bit of DNS hijacking so I bunged this line into /etc/hosts before restarting X. 127.0.0.1 advancedsearch.virginmedia.com ) To Peter Hessler, The reverse DNS went like this 80.2.249.209 cpc77525-cwma10-2-0-cust208.7-3.cable.virginm.net I run most traffic through a vpn but my router is a Virgin SuperHub2, as they call it. To Dot Yet, I've through system logs etc and nothing seems to look suspicious. Can't find any attempts to execute commands nor authenticate. Further the remote access port is disabled in the router settings. I've never asked Virgin for support in years. To Joe Holden, Thanks for the tip about NXDOMAIN queries. Don't see where to unset in the router but I'm guessing the hosts file entry above should do the same thing. I'll keep looking around to reassure myself anyhow Thanks to all, Moss
