Sorry for the panic attack. It appears the site is running a time
server. I examined etherape's graphical output and saw that http had
the same color as ntp traffic. The system stopped connecting when I
disabled ntpd and ntpdate (I don't know which one Fedora is using as an
NTP client).

The weird thing is that before I disabled ntp*, Fedora would contact
the site once every minute. It seems excessive so I just shut it down.
Since the connection was intermittent, it wouldn't show up in netstat.

2008/10/5, jan gestre <[EMAIL PROTECTED]>:
> it's a phishing site, maybe someone gave you the link via yahoo messenger or
> other form of IM, read this forum thread for more info -->
> http://forums.e-games.com.ph/lofiversion/index.php/t8828.html
>
> On Sat, Oct 4, 2008 at 8:31 PM, Slim Joe <[EMAIL PROTECTED]> wrote:
>
>> I'm trying out Fedora 9. I wanted to see if there were any unnecessary
>> open ports. So I installed nmap and did a local scan (192.168.X.X
>> behind a DSL router). I managed to close all the open ports by turning
>> off all the services listed by nmap including sshd, sendmail and
>> something called rpc.
>>
>> However when I ran etherape, I found a persistent connection to a site
>> called "rewards.e-games.com.ph". (After doing a dns resolve) I
>> couldn't find any program connecting to the said site. So I installed
>> chkrootkit but I found nothing suspicious in the output.
>>
>> I have never played an online game, so I'm worried by this persistent
>> connection to the "e-games" site even when I'm not browsing and have
>> killed (-9) all background downloads (packagekit, yum, rpm and their
>> python helper programs).
>> _________________________________________________
>> Philippine Linux Users' Group (PLUG) Mailing List
>> http://lists.linux.org.ph/mailman/listinfo/plug
>> Searchable Archives: http://archives.free.net.ph
>>
>
>
>
> --
> http://jangestre.wordpress.com
>