I noticed tonight as I was about to get off the computer and head for
bed that the network meter on my taskbar was still showing a bit of
activity. And while I did notice the Sarge upgrade has changed the
way the network meter shows traffic, making it look like more than it
is, the network switch agreed with this constant stream as well. Looking
at the meter on the taskbar, we're only talking a little under 0.5kbp/s.

But, looking at the output of netstat, I noticed the following entry:

Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address  Foreign Address  State
tcp        0      0 jacob.6texans.net:42799 xenon.hscs.Virgi:telnet

All the other entries list an ip address or FQDN. Furthermore, I don't
have a Telnet server installed on this computer and I'm not connected to
any other computers via telnet. This computer is on an internal network
protected by a Debian Woody firewall box.

A run of chkrootkit didn't turn up anything, but I can't think of any
other reason to still be seeing traffic.

Any thought, hints, tips?


