Alan McKinnon wrote:
On Sunday 15 August 2010 22:55:23 Paul Hartman wrote:
On Sun, Aug 15, 2010 at 3:34 PM, Dale<rdalek1...@gmail.com> wrote:
Hi folks,
I been noticing the past few weeks that something is communicating with
Yahoo at these addresses:
cs210p2.msg.sp1.yahoo.com
rdis.msg.vip.sp1.yahoo.com
I thought it was Kopete getting some info, profile pics maybe, from the
server. Thing is, it does this for a really long time. It is also
SENDING data as well. I have no idea why it is doing this or what it is
sending. I closed the Kopete app but the data still carries on. This
"transfer" has been going for a while now and the only way I can stop it
is to stop the network, wait a minute or two for it to time out and then
restart the network.
Anybody have any idea what the heck this is? Is Yahoo up to something?
Some new security issue that I haven't heard of?
I think it's normal.
The first address is one of their pool of messaging servers and the
second is a web server, probably like you said for retrieving
additional info. The sending of data could be the http request, or
updating your status/picture/whatever kopete may be doing. You could
try blocking it and see what breaks. :)
Dale,
It could also be a weather map, or any number of widgets that get data from
the intartubes.
netstat with -p can help track down the app that has the connection open
OK. It finally started doing it again. Here is the short version of
netstat -p. It looks like kopete but what in the heck is it sending and
receiving?
r...@smoker / # netstat -p
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address
State PID/Program name
tcp 0 0 192.168.1.2:43577 rdis.msg.vip.sp1.y:http
TIME_WAIT -
tcp 0 0 192.168.1.2:43438 rdis.msg.vip.sp1.y:http
TIME_WAIT -
tcp 0 0 192.168.1.2:52423 cs204p1.msg.sp1.ya:5050
ESTABLISHED 9968/kopete
tcp 0 0 192.168.1.2:43490 rdis.msg.vip.sp1.y:http
TIME_WAIT -
tcp 0 1 192.168.1.2:43586 rdis.msg.vip.sp1.y:http
SYN_SENT 18971/kopeteFc9968.
tcp 0 0 localhost:60971 localhost:nut
ESTABLISHED 9578/upsmon
tcp 1 1 192.168.1.2:43584 rdis.msg.vip.sp1.y:http
CLOSING -
tcp 0 0 192.168.1.2:43558 rdis.msg.vip.sp1.y:http
TIME_WAIT -
tcp 0 0 192.168.1.2:48301 cs201p1.msg.sp1.ya:5050
ESTABLISHED 9968/kopete
tcp 0 0 192.168.1.2:43523 rdis.msg.vip.sp1.y:http
TIME_WAIT -
tcp 0 0 localhost:nut localhost:60971
ESTABLISHED 9640/upsd
tcp 0 0 192.168.1.2:42517 cs215p2.msg.ac4.ya:5050
ESTABLISHED 9968/kopete
tcp 0 0 192.168.1.2:43462 rdis.msg.vip.sp1.y:http
TIME_WAIT -
tcp 0 0 192.168.1.2:43516 rdis.msg.vip.sp1.y:http
TIME_WAIT -
tcp 0 0 192.168.1.2:43479 rdis.msg.vip.sp1.y:http
TIME_WAIT -
tcp 0 0 192.168.1.2:43405 rdis.msg.vip.sp1.y:http
TIME_WAIT -
tcp 0 0 192.168.1.2:43483 rdis.msg.vip.sp1.y:http
TIME_WAIT -
tcp 0 0 192.168.1.2:43563 rdis.msg.vip.sp1.y:http
TIME_WAIT -
tcp 0 0 192.168.1.2:43487 rdis.msg.vip.sp1.y:http
TIME_WAIT -
tcp 0 0 192.168.1.2:43483 rdis.msg.vip.sp1.y:http
TIME_WAIT -
tcp 0 0 192.168.1.2:43563 rdis.msg.vip.sp1.y:http
TIME_WAIT -
tcp 0 0 192.168.1.2:43487 rdis.msg.vip.sp1.y:http
TIME_WAIT -
One other question, if this is kopete, how does it keep
sending/receiving after I have closed the kopete app?
This is weird. Kopete and Yahoo have not done this before.
Dale
:-) :-)
