On Monday 23 April 2007, Randall R Schulz wrote: > Dylan, > > On Monday 23 April 2007 07:26, Dylan wrote: > > Hi All, > > > > Since I logged in this morning I've noticed a constant 5KB/s network > > traffic coming into my machine and a small increase in processor > > activity. This is exactly what I would expect if I was streaming > > radio, as I was last night. It may be significant that I > > inadvertantly let the laptop's battery discharge fully last night > > having fallen asleep listening to the radio stream. > > When I see that, I usually check /var/log/messages.
Indeed, have had it on the terminal all day so far and little more than dhcp messages. The firewall is set to log all accepted and rejected packets, but nothing suspicious turns up there either. > Typically it's a > barrage of remote break-in attempts directed via ssh. If your system > has secure passwords, you have nothing to worry about--they're just > guessing login name / password combinations in hope of establishing a > foothold on your system. Well, the port is already closed (did that when I noticed the traffic) and I use shared keys anyway. > > > Which tools do I need to use to identify what is causing this traffic > > in order to eliminate it (or realise that it's perfectly normal, of > > course!) > > If you find this activity onerous, there are scripts that monitor the > pertinent log files and dynamically add firewall rules that block the > originating IP address when they're detected. The real point is, thought, that it would be a good idea to know which tools will tell me which connections are active on the machine so I can track down the details of what is going on! Dylan > > > Cheers > > > > Dylan > > Randall Schulz -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
