Hi,

First time on the list. I fired up FC1 yesterday to update from Fedora Legacy. Before I had a chance to do this I saw a lot of incoming traffic on Gkrellm. Netstat -a showed it had been initiated from FC1. First there was a connection from:

192.169.0.228 32772 ( yoda.easynet.fr ) ESTABLISHED

This ran for about 15 mins. Then:

192.168.0.228 32795 ( www02.eis.inet6.fr ) ESTABLISHED

Please don't access these sites. They are here for info only, and may be really dodgy. To my knowledge I have never been on these sites, but tried them when I saw them in netstat's output. The first appears to be a file server with Linux stuff on it. The second said in large upper case letters "YOU SHOULD NOT BE READING THIS PAGE".

I installed rkhunter-1.2.8.tar.gz. Ran it, but it didn't find anything suspicious. Tried to update the DB, but I have some problems there, and it can't update the DB. It's complaining about mirrors, and there are no mirrors in /usr/local/rkhunter/lib/rkhunter/db.

I've booted up FC1 again tonight, and immediately started Ethereal. After about 40 mins I started getting incoming traffic again. Ran netstat -a, and got:

tcp 0 0 192.168.0.228:32777 www01.ies.inet6.fr:http ESTABLISHED

This traffic ran for a while. The last output from netstat -a after the traffic had ceased was:

tcp 0 0 localhost.localdo:32778 localhost.localdom:3310 TIME_WAIT

Interestingly there is an entry:

tcp 0 0 localhost.localdom:3310 *:* LISTEN

FC1 is now getting security updates from Fedora Legacy, so Red Hat's up2date would not be phoning home. NTP is running on the machine, but again, I know the servers it's accessing, and only a few bytes transfer each time they're accessed. The only other app is Clamav's Freshclam getting updates, but as 2 different sites were being accessed this doesn't make any sense.

Anyone any suggestions? Perhaps I'm just being paranoid.

Btw, I also installed rkhunter-1.2.8.tar.gz on 1 of my FC2 installs, and ran /usr/local/bin/rkhunter --update before doing anything else. This updated the DB ok, and running rkhunter -c showed an all clear.

Nigel.

_______________________________________________
Rkhunter-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/rkhunter-users
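
An added example, not part of the original post: `netstat -a` shows the connections but not which process owns them, which is the question the message leaves open. This sketch parses output in the layout of `netstat -tnp` (run as root so the PID/Program column is filled in) and groups established, locally initiated connections to non-local addresses by owning process. The sample lines, PIDs and program names are constructed, the addresses come from documentation ranges, and treating a local port of 32768 or higher as "initiated from this host" is a heuristic.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the layout of `netstat -tnp`; not captured from the poster's machine.
SAMPLE = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address       Foreign Address     State       PID/Program name
tcp        0      0 192.168.0.228:32777 203.0.113.10:80     ESTABLISHED 1423/freshclam
tcp        0      0 127.0.0.1:32778     127.0.0.1:3310      TIME_WAIT   -
tcp        0      0 192.168.0.228:22    192.168.0.10:51514  ESTABLISHED 812/sshd
tcp        0      0 192.168.0.228:32795 198.51.100.7:80     ESTABLISHED 1530/wget
"""

EPHEMERAL_MIN = 32768  # heuristic: usual lower bound of the Linux ephemeral port range
LOCAL_NETS = [ipaddress.ip_network(n) for n in
              ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def split_endpoint(endpoint):
    """Split 'host:port'; port is None for wildcard entries such as '0.0.0.0:*'."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port) if port.isdigit() else None

def parse_connections(text):
    """Return one dict per TCP line, skipping headers and malformed lines."""
    conns = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7 or not f[0].startswith("tcp"):
            continue
        lhost, lport = split_endpoint(f[3])
        rhost, rport = split_endpoint(f[4])
        owner = " ".join(f[6:])
        # netstat prints '-' when it cannot see the owner (not root, or socket already closed)
        conns.append({"lport": lport, "rhost": rhost, "rport": rport, "state": f[5],
                      "owner": "unknown" if owner == "-" else owner})
    return conns

def outbound_external(conns):
    """Group established, locally initiated connections to non-local hosts by owner."""
    by_owner = defaultdict(list)
    for c in conns:
        if c["state"] != "ESTABLISHED" or c["lport"] is None or c["lport"] < EPHEMERAL_MIN:
            continue
        remote = ipaddress.ip_address(c["rhost"])
        if not any(remote in net for net in LOCAL_NETS):
            by_owner[c["owner"]].append(f'{c["rhost"]}:{c["rport"]}')
    return dict(by_owner)

if __name__ == "__main__":
    for owner, remotes in outbound_external(parse_connections(SAMPLE)).items():
        print(owner, "->", ", ".join(remotes))
```
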
