From: Mick
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Yahoo and strange traffic.
Date: Sun, 15 Aug 2010 22:32:31 +0100

On Sunday 15 August 2010 21:34:33 Dale wrote:
> Hi folks,
>
> I been noticing the past few weeks that something is communicating with
> Yahoo at these addresses:
>
> cs210p2.msg.sp1.yahoo.com
>
> rdis.msg.vip.sp1.yahoo.com
>
> I thought it was Kopete getting some info, profile pics maybe, from the
> server. Thing is, it does this for a really long time. It is also
> SENDING data as well. I have no idea why it is doing this or what it is
> sending. I closed the Kopete app but the data still carries on. This
> "transfer" has been going for a while now and the only way I can stop it
> is to stop the network, wait a minute or two for it to time out and then
> restart the network.
>
> Anybody have any idea what the heck this is? Is Yahoo up to something?
> Some new security issue that I haven't heard of?

What does your netstat show with respect to ports being used and what does
tcpdump/tcpflow show? If it is Yahoo, you should see things that are relevant
and hopefully make sense.
--
Regards,
Mick
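
As an added example (not part of the original message): one way to read the netstat output asked for above is to list, for every TCP connection to the Yahoo hosts named in the thread, the socket state, send queue, and owning PID and program. The sample output, its addresses, ports, PIDs and program names, and the helper names `sample_netstat` and `owners` are constructed for illustration.

```shell
#!/bin/sh
# Added example. Constructed sample in the layout of net-tools
# `netstat -tpW --numeric-ports`; every address, port and PID is made up.
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 10.0.0.5:48012 cs210p2.msg.sp1.yahoo.com:5050 ESTABLISHED 2412/kopete
tcp 0 1840 10.0.0.5:48020 rdis.msg.vip.sp1.yahoo.com:80 ESTABLISHED 2977/someapp
tcp 0 0 10.0.0.5:48031 rdis.msg.vip.sp1.yahoo.com:80 TIME_WAIT -
tcp 0 0 10.0.0.5:51000 mirror.example.org:873 ESTABLISHED 3100/rsync
EOF
}

# owners PATTERN
# Reads netstat output on stdin and prints one line per TCP connection whose
# foreign address matches PATTERN (an awk regex):
#   foreign-address  state  send-q  pid  program
owners() {
    awk -v pat="$1" '
        $1 !~ /^tcp/ { next }   # skip the banner and column-header lines
        $5 !~ pat    { next }   # column 5 is the foreign address
        {
            pid = "-"; prog = "(no owning process)"
            # Column 7 is PID/Program. A bare "-" means netstat could not
            # attribute the socket: it was not run as root, or the socket
            # no longer belongs to any process (for example TIME_WAIT).
            i = index($7, "/")
            if (i > 1) { pid = substr($7, 1, i - 1); prog = substr($7, i + 1) }
            printf "%s %s %s %s %s\n", $5, $6, $3, pid, prog
        }'
}

# Live use, as root so that PIDs are visible:
#   netstat -tpW --numeric-ports | owners 'yahoo[.]com:'
sample_netstat | owners 'yahoo[.]com:'
```

A non-zero send queue on an ESTABLISHED line marks a socket that still has outbound data pending, and the PID column says which process to inspect once the chat client has been closed.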