On Tuesday 04 July 2006 01:19, unspawn wrote:
> Hello,
>
> On Mon, 3 Jul 2006, nigel henry wrote:
> > Hi. First time on the list. I fired up FC1 yesterday to update from Fedora
> > Legacy. Before I had a chance to do this I saw a lot of incoming traffic
> > on Gkrellm. Netstat -a showed it had been initiated from FC1. First there
> > was a connection from:
> > 192.169.0.228 32772 ( yoda.easynet.fr ) ESTABLISHED
> > This ran for about 15 mins.
> > Then.
> > 192.168.0.228 32795 ( www02.eis.inet6.fr ) ESTABLISHED
>
> I don't think this is an issue for this mailing list, but OK.
> You left out some information like server source port (likely SMTP, POP3
> or HTTP) which could help explain things, so with what little I see here I
> could speculate but that wouldn't help you. If you run netstat with the
> "-p" flag you get the PID/processname combo of the connection which could
> help explain things (provided the processname is what it sez it is etc,
> etc).
>
>
> Cheers, unSpawn

Apologies about being slow replying, and for posting a question not directly
related to rkhunter. I was probably being a bit paranoid. It appears that
these mysterious outgoing requests (phoning home) are to do with clamav's
clamd. Netstat -a -p shows:

tcp 0 0 localhost.localdomain:3310 *:* LISTEN 4088/clamd

Doing a whois for 2 addresses from the Ethereal capture got me:

212.180.1.29 yoda.easynet.fr
195.214.240.53 mirror.waycom.net

The second one is clearly connected with clamav, as the mirrors list on the
clamav site shows that one.

I've also fixed the problem of not being able to update the DB, by removing
rkhunter and reinstalling. For some reason all the mirrors were missing from
mirrors.dat, thus causing the problem.

Thanks for your help.

Nigel.

> _______________________________________________
> Rkhunter-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/rkhunter-users
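
The "netstat -p" attribution discussed in this thread can be scripted. The following is an added example, not part of the original messages: it reads `netstat -tanp` style output and reports the owning program and PID of each established connection. The sample input is constructed; the function names, the "exampled" process, the remote ports and 203.0.113.7 are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample in `netstat -tanp` layout. Only 4088/clamd, the local
# address and the two remote addresses come from the thread; remote ports,
# the "exampled" process and 203.0.113.7 are made up for illustration.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:3310          0.0.0.0:*               LISTEN      4088/clamd
tcp        0      0 192.168.0.228:32772     212.180.1.29:80         ESTABLISHED 4120/exampled
tcp        0      0 192.168.0.228:32795     195.214.240.53:80       ESTABLISHED 4120/exampled
tcp        0      0 192.168.0.228:32801     203.0.113.7:6667        ESTABLISHED -
EOF
}

# Read netstat -p output on stdin and print "program pid remote" for every
# ESTABLISHED TCP connection. netstat prints "-" in the last column when it
# cannot see the owner (typically because it was not run as root); those
# rows are reported as UNKNOWN so they stand out instead of being dropped.
established_owners() {
    awk '$1 ~ /^tcp/ && $6 == "ESTABLISHED" {
        owner = $7
        slash = index(owner, "/")
        if (slash == 0) { print "UNKNOWN", "?", $5; next }
        print substr(owner, slash + 1), substr(owner, 1, slash - 1), $5
    }'
}

# Count established connections per program/PID, busiest first.
connections_per_program() {
    established_owners |
        awk '{ n[$1 " " $2]++ } END { for (k in n) print n[k], k }' |
        sort -rn
}

# Live use (as root): netstat -tanp | established_owners
sample_netstat | established_owners
```

The program name is whatever the process reports for itself, so an unexpected or UNKNOWN owner should be followed up by checking the PID under /proc.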
