Something fishy is going on
A fish just swam across my screen. What the hell is up with that? I kid you not. Here are the current processes. I just updated woody for the first time in a month. Do any of these processes now send up a fish every now and again, or have I been broken into? It looked a lot like /usr/share/pixmaps/gnome-fish.png but was pointing to the right (and swam from left to right). PID TTY STAT TIME COMMAND 1 ?S 0:09 init [2] 2 ?SW 0:00 [keventd] 3 ?SW 1:40 [kswapd] 4 ?SW 0:00 [kreclaimd] 5 ?SW 0:04 [bdflush] 6 ?SW 0:15 [kupdated] 8 ?SW 0:00 [khubd] 136 ?S 0:00 /sbin/portmap 274 ?S 0:13 /sbin/syslogd 277 ?S 0:00 /sbin/klogd 285 ?S 0:00 /sbin/rpc.statd 293 ?S 0:00 /usr/sbin/gpm -m /dev/mouse -t ps2 314 ?S 0:00 /usr/sbin/inetd 329 ?S 0:00 lpd Waiting 370 ?S 0:00 /usr/lib/postgresql/bin/postmaster -D /var/lib/postgres/data 376 ?S 0:00 /usr/sbin/rwhod -b 378 ?S 0:00 /usr/sbin/rwhod -b 479 ?S 0:01 /usr/sbin/sshd 486 ?S 0:00 /usr/bin/X11/xfs -daemon 499 ?SL 0:00 /usr/sbin/ntpd 501 ?SL 0:00 /usr/sbin/ntpd 503 ?SL 0:00 /usr/sbin/ntpd 504 ?S 0:00 /usr/sbin/atd 507 ?S 0:01 /usr/sbin/cron 553 ?S 0:00 /usr/bin/vmnet-bridge -d /var/run/vmnet-bridge-0.pid /dev/vmnet0 eth0 568 ?S 0:00 /usr/bin/vmnet-netifup -d /var/run/vmnet-netifup-vmnet1.pid /dev/vmnet1 vmnet1 584 ?S 0:00 /usr/bin/vmnet-dhcpd -cf /etc/vmware/vmnet1/dhcpd/dhcpd.conf -lf /etc/vmware/vmnet1/dhcpd/dhcpd.leases -pf /var/run/vmnet-dhcpd-vmnet1.pid vmnet1 597 ?S 0:00 /usr/bin/gdm 600 tty1 S 0:00 /sbin/getty 38400 tty1 601 tty2 S 0:00 /sbin/getty 38400 tty2 602 tty3 S 0:00 /sbin/getty 38400 tty3 603 tty4 S 0:00 /sbin/getty 38400 tty4 604 tty5 S 0:00 /sbin/getty 38400 tty5 605 ?S27:13 /usr/bin/X11/X vt7 -deferglyphs 16 -auth /var/lib/gdm/:0.Xauth :0 606 tty6 S 0:00 /sbin/getty 38400 tty6 607 ?S 0:00 /usr/bin/gdm 618 ?S 0:02 /usr/bin/gnome-session --purge-delay=15000 688 ?S 0:00 /usr/bin/ssh-agent -- /usr/bin/gnome-session --purge-delay=15000 692 ?S 0:04 gnome-smproxy --sm-config-prefix /.gnome-smproxy-xpu7If/ --sm-client-id 11d1e910b09943871450177370015 694 ?S 2:02 enlightenment -smfile /home/wohler/.enlightenment/...e_session-XX -smid 11d1e910b09926165970165750012 -econfdir /home/wohler/.enlightenment -ecachedir /home/wohler/.enlightenment 716 ?S 0:01 gmc --sm-config-prefix /gmc-B5TaG2/ --sm-client-id 11d1e910b09526773010217920009 718 ?S 4:52 esd -nobeeps 724 ?S 0:25 panel --sm-config-prefix /panel.d/default-sVIYjX/ --sm-client-id 11d1e910b09956802520007410006 729 ?S 0:04 jpilot 736 ?S 13:20 emacs 738 ?S 0:10 xwrits 742 ?S 0:07 xfaces 745 ?S 0:00 gnome-name-service 748 ?S 0:03 Eterm --console --name console --exec su - 752 ?S 0:11 Eterm --name gbr 842 pts/5S 0:00 -su 881 ?S 0:12 sendmail: accepting connections 882 pts/7S 0:04 -bash 915 ?S 0:01 mixer_applet --activate-goad-server mixer_applet --goad-fd 10 917 ?S 0:14 gnomexmms --activate-goad-server gnomexmms --goad-fd 10 934 ?S 0:03 asclock_applet --activate-goad-server asclock_applet --goad-fd 14 1655 ?SN 0:37 /usr/sbin/netsaint /etc/netsaint/netsaint.cfg 22854 pts/5S 0:41 emacs 22860 ?S 0:00 /usr/local/lib/emacs/21.0.103/i686-pc-linux-gnu/emacsserver 23828 ?S 0:00 /usr/bin/ispell -a -m -B 24227 pts/5S 0:00 /bin/bash /usr/bin/vvstartdictation 24234 pts/5S 0:11 /usr/lib/j2sdk1.3/bin/i386/native_threads/java -classic -jar speakpad.jar 24272 pts/5S 0:00 /usr/lib/j2sdk1.3/bin/i386/native_threads/java -classic -jar speakpad.jar 24273 pts/5S 0:00 /usr/lib/j2sdk1.3/bin/i386/native_threads/java -classic -jar speakpad.jar 24274 pts/5S 0:00 /usr/lib/j2sdk1.3/bin/i386/native_threads/java -classic -jar speakpad.jar 24275 pts/5S 0:00 /usr/lib/j2sdk1.3/bin/i386/native_threads/java -classic -jar speakpad.jar 24277 pts/5S 1:40 /usr/lib/j2sdk1.3/bin/i386/native_threads/java -classic -jar speakpad.jar 24278 pts/5S 0:00 /usr/lib/j2sdk1.3/bin/i386/native_threads/java -classic -jar speakpad.jar 24279 pts/5S 0:03 /usr/lib/j2sdk1.3/bin/i386/native_threads/java -classic -jar speakpad.jar 24319 pts/5S 2:03
Re: Something fishy is going on
* Bill Wohler ([EMAIL PROTECTED]) wrote: A fish just swam across my screen. What the hell is up with that? I kid you not. There was a thread on this a week or so ago. It's apparently an easter egg in Gnome. Enjoy, Mike
Re: Something fishy is going on
On Thu, 23 Aug 2001, Bill Wohler wrote: A fish just swam across my screen. What the hell is up with that? No need to panic, it's a Gnome easter egg. Unless you're not running Gnome.
Re: Something fishy is going on
Jeez, this has popped up on the list A LOT lately ... check the archives. It's an apparently harmless Gnome Easter Egg. Poor Wanda has come in for a lot of paranoia the last month or so! :) Glenn Becker On Thu, 23 Aug 2001, Bill Wohler wrote: A fish just swam across my screen. What the hell is up with that? I kid you not. Here are the current processes. I just updated woody for the first time in a month. Do any of these processes now send up a fish every now and again, or have I been broken into? It looked a lot like /usr/share/pixmaps/gnome-fish.png but was pointing to the right (and swam from left to right). PID TTY STAT TIME COMMAND 1 ?S 0:09 init [2] 2 ?SW 0:00 [keventd] 3 ?SW 1:40 [kswapd] 4 ?SW 0:00 [kreclaimd] 5 ?SW 0:04 [bdflush] 6 ?SW 0:15 [kupdated] 8 ?SW 0:00 [khubd] 136 ?S 0:00 /sbin/portmap 274 ?S 0:13 /sbin/syslogd 277 ?S 0:00 /sbin/klogd 285 ?S 0:00 /sbin/rpc.statd 293 ?S 0:00 /usr/sbin/gpm -m /dev/mouse -t ps2 314 ?S 0:00 /usr/sbin/inetd 329 ?S 0:00 lpd Waiting 370 ?S 0:00 /usr/lib/postgresql/bin/postmaster -D /var/lib/postgres/data 376 ?S 0:00 /usr/sbin/rwhod -b 378 ?S 0:00 /usr/sbin/rwhod -b 479 ?S 0:01 /usr/sbin/sshd 486 ?S 0:00 /usr/bin/X11/xfs -daemon 499 ?SL 0:00 /usr/sbin/ntpd 501 ?SL 0:00 /usr/sbin/ntpd 503 ?SL 0:00 /usr/sbin/ntpd 504 ?S 0:00 /usr/sbin/atd 507 ?S 0:01 /usr/sbin/cron 553 ?S 0:00 /usr/bin/vmnet-bridge -d /var/run/vmnet-bridge-0.pid /dev/vmnet0 eth0 568 ?S 0:00 /usr/bin/vmnet-netifup -d /var/run/vmnet-netifup-vmnet1.pid /dev/vmnet1 vmnet1 584 ?S 0:00 /usr/bin/vmnet-dhcpd -cf /etc/vmware/vmnet1/dhcpd/dhcpd.conf -lf /etc/vmware/vmnet1/dhcpd/dhcpd.leases -pf /var/run/vmnet-dhcpd-vmnet1.pid vmnet1 597 ?S 0:00 /usr/bin/gdm 600 tty1 S 0:00 /sbin/getty 38400 tty1 601 tty2 S 0:00 /sbin/getty 38400 tty2 602 tty3 S 0:00 /sbin/getty 38400 tty3 603 tty4 S 0:00 /sbin/getty 38400 tty4 604 tty5 S 0:00 /sbin/getty 38400 tty5 605 ?S27:13 /usr/bin/X11/X vt7 -deferglyphs 16 -auth /var/lib/gdm/:0.Xauth :0 606 tty6 S 0:00 /sbin/getty 38400 tty6 607 ?S 0:00 /usr/bin/gdm 618 ?S 0:02 /usr/bin/gnome-session --purge-delay=15000 688 ?S 0:00 /usr/bin/ssh-agent -- /usr/bin/gnome-session --purge-delay=15000 692 ?S 0:04 gnome-smproxy --sm-config-prefix /.gnome-smproxy-xpu7If/ --sm-client-id 11d1e910b09943871450177370015 694 ?S 2:02 enlightenment -smfile /home/wohler/.enlightenment/...e_session-XX -smid 11d1e910b09926165970165750012 -econfdir /home/wohler/.enlightenment -ecachedir /home/wohler/.enlightenment 716 ?S 0:01 gmc --sm-config-prefix /gmc-B5TaG2/ --sm-client-id 11d1e910b09526773010217920009 718 ?S 4:52 esd -nobeeps 724 ?S 0:25 panel --sm-config-prefix /panel.d/default-sVIYjX/ --sm-client-id 11d1e910b09956802520007410006 729 ?S 0:04 jpilot 736 ?S 13:20 emacs 738 ?S 0:10 xwrits 742 ?S 0:07 xfaces 745 ?S 0:00 gnome-name-service 748 ?S 0:03 Eterm --console --name console --exec su - 752 ?S 0:11 Eterm --name gbr 842 pts/5S 0:00 -su 881 ?S 0:12 sendmail: accepting connections 882 pts/7S 0:04 -bash 915 ?S 0:01 mixer_applet --activate-goad-server mixer_applet --goad-fd 10 917 ?S 0:14 gnomexmms --activate-goad-server gnomexmms --goad-fd 10 934 ?S 0:03 asclock_applet --activate-goad-server asclock_applet --goad-fd 14 1655 ?SN 0:37 /usr/sbin/netsaint /etc/netsaint/netsaint.cfg 22854 pts/5S 0:41 emacs 22860 ?S 0:00 /usr/local/lib/emacs/21.0.103/i686-pc-linux-gnu/emacsserver 23828 ?S 0:00 /usr/bin/ispell -a -m -B 24227 pts/5S 0:00 /bin/bash /usr/bin/vvstartdictation 24234 pts/5S 0:11 /usr/lib/j2sdk1.3/bin/i386/native_threads/java -classic -jar speakpad.jar 24272 pts/5S 0:00 /usr/lib/j2sdk1.3/bin/i386/native_threads/java -classic -jar speakpad.jar 24273 pts/5S 0:00 /usr/lib/j2sdk1.3/bin/i386/native_threads/java -classic -jar speakpad.jar 24274 pts/5S 0:00 /usr/lib/j2sdk1.3/bin/i386/native_threads/java -classic -jar speakpad.jar 24275 pts/5S 0:00 /usr/lib/j2sdk1.3/bin/i386/native_threads/java -classic -jar speakpad.jar 24277
Re: Something fishy is going on
Bill Wohler wrote: A fish just swam across my screen. What the hell is up with that? [...] Here are the current processes. [...] PID TTY STAT TIME COMMAND [...] 597 ?S 0:00 /usr/bin/gdm 607 ?S 0:00 /usr/bin/gdm 618 ?S 0:02 /usr/bin/gnome-session --purge-delay=15000 688 ?S 0:00 /usr/bin/ssh-agent -- /usr/bin/gnome-session --purge-delay=15000 692 ?S 0:04 gnome-smproxy --sm-config-prefix /.gnome-smproxy-xpu7If/ --sm-client-id 11d1e910b09943871450177370015 724 ?S 0:25 panel --sm-config-prefix /panel.d/default-sVIYjX/ --sm-client-id 11d1e910b09956802520007410006 745 ?S 0:00 gnome-name-service Well, you're obviously running GNOME. The fish is a GNOME Easter egg. I'm jealous. I've been running GNOME for a long time and I've _never_ seen this fish! Craig
Re: Something fishy is going on
Warning: New Distributed Denial of Service attack on the loose! Synopsis: In a dastardly clever (yet simple) scheme, a new DDOS is attaching Linux newsgroups at an increasing rate. Artfully designed to capitalize on user paranoia following the massive hype surounding the Code Red family of worms, this program simply startles the user by having a fish swim across their desktop at some unpredictable time. Upon receiving this signal, the PC user will respond in one of three modes, depending on the time of day: Sleep mode: If the victim is infected late at night, the user will attribute the apparition to too much caffeene and not enough sleep. Result: user sleeps indefinately. Propagation mode: If the user is infected during the workday, the user will attempt to reproduce the phenomanon, possibly on neighboring systems. Attack mode: If inected during the late afternoon or evening, the user will transfer a SMTP message to a mailing list. The result is to trigger a small transfer of data on said list as other clients attempt to handle the data. Although the attack mode is of low traffic, we anticipate that the cumulative result of many thousands of clients will eventually bring the Internet to a halt. The client behavior after the attack is currently unresearched. A group is studying the possibilty of constructing a fishbowl, so that more detailed analysis may be conducted. Suggested Snort rules: alert tcp any any - $HOME_NET 25 (msg:Wanda Infection detected!; content:fish;) alert tcp any any - $HOME_NET 25 (msg:Wanda DDOS response detected!; content:Gnome Easter Egg;) Remedy: Applying procmail rules to filter the initiating email may help limit the response to the email probe message. Unfortunately, this will not be effective unless adopted on a wide scale. /funny --Rich [EMAIL PROTECTED] wrote: Jeez, this has popped up on the list A LOT lately ... check the archives. It's an apparently harmless Gnome Easter Egg. Poor Wanda has come in for a lot of paranoia the last month or so! :) Glenn Becker -- _ Rich Puhek ETN Systems Inc. _
Re: Something fishy is going on
On Thu, Aug 23, 2001 at 06:50:57PM -0700, Craig Dickson wrote: I'm jealous. I've been running GNOME for a long time and I've _never_ seen this fish! AOL -- Nathan Norman - Staff Engineer | A good plan today is better Micromuse Ltd. | than a perfect plan tomorrow. mailto:[EMAIL PROTECTED] | -- Patton pgpMQzz1bF8R3.pgp Description: PGP signature
Re: Something fishy is going on
[EMAIL PROTECTED] writes: [The fish is] an apparently harmless Gnome Easter Egg. That was my suspicion given that it was similar to images already on the system. It sure took me by surprise though. Especially after a VERY long day of hacking--oh, wait, don't let Openwave hear that--that would be called engineering. My head hurt. My butt hurt. My wrists hurt. I was very, very tired. I thought I was hallucinating. Random, or was it some happenchance keystroke? -- Bill Wohler [EMAIL PROTECTED] http://www.newt.com/wohler/ GnuPG ID:610BD9AD Maintainer of comp.mail.mh FAQ and mh-e. Vote Libertarian! If you're passed on the right, you're in the wrong lane.