From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org) by nuthatch.gentoo.org with esmtp (Exim 4.62) (envelope-from ) id 1HGeB8-0005IP-3Y for garchives@archives.gentoo.org; Mon, 12 Feb 2007 16:37:22 +0000 Received: from robin.gentoo.org (localhost [127.0.0.1]) by robin.gentoo.org (8.14.0/8.14.0) with SMTP id l1CGaEdQ010069; Mon, 12 Feb 2007 16:36:14 GMT Received: from Princeton.EDU (postoffice05.Princeton.EDU [128.112.131.199]) by robin.gentoo.org (8.14.0/8.14.0) with ESMTP id l1CGVcYd004725 for ; Mon, 12 Feb 2007 16:31:39 GMT Received: from smtpserver2.Princeton.EDU (smtpserver2.Princeton.EDU [128.112.129.148]) by Princeton.EDU (8.13.8/8.13.8) with ESMTP id l1CGValr003054 for ; Mon, 12 Feb 2007 11:31:36 -0500 (EST) Received: from sep.dynalias.net (fez.Princeton.EDU [128.112.129.190]) (authenticated bits=0) by smtpserver2.Princeton.EDU (8.12.9/8.12.9) with ESMTP id l1CGVZeC006003 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NOT) for ; Mon, 12 Feb 2007 11:31:35 -0500 (EST) Received: by sep.dynalias.net (Postfix, from userid 1001) id AE07D293506; Mon, 12 Feb 2007 11:33:14 -0500 (EST) Date: Mon, 12 Feb 2007 11:33:14 -0500 From: Willie Wong To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] Re: Did I just get hacked??? Message-ID: <20070212163314.GA8577@princeton.edu> Mail-Followup-To: gentoo-user@lists.gentoo.org References: <49bf44f10702101827k199bf270yfb65ed1f4f5195e0@mail.gmail.com> <1171165124.381.9.camel@blackwidow.nbk> <8d634f4f0702102006w78f419acp14ddc64a8652693d@mail.gmail.com> <49bf44f10702111958i4624e0den3d76c0db7d2a5dde@mail.gmail.com> <20070212093247.4278812c@pascal.spore.ath.cx> Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20070212093247.4278812c@pascal.spore.ath.cx> User-Agent: Mutt/1.5.13 (2006-08-11) X-Archives-Salt: 95953d56-276e-42c0-9221-4699105a9167 X-Archives-Hash: d80f6a14dc49a9087a98ce3b6393becf On Mon, Feb 12, 2007 at 09:32:47AM -0600, Penguin Lover Dan Farrell squawked: > > I can see in an xfce4 panel plugin that there is constantly a small > > amount of incoming/outgoing traffic to/from the affected system when > > there is no reason I know of for it. netstat doesn't show anything > > that jumps out at me although this is the first time I've really used > > it. All of the current netstat connections appear to be UNIX as > > opposed to Internet. Should I paste them in? > > > > - Grant > > [Error decoding BASE64] > nope, they're all local socket connections. What kind of traffic are > you seeing, i mean how much? Ever heard of tcpdump? also, what about netstat --ip, that should omit the local sockets. W -- Pintsize: Nooooooo! I'm lactose intolerant! Sortir en Pantoufles: up 66 days, 14:50 -- gentoo-user@gentoo.org mailing list