From: Alan McKinnon
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Yahoo and strange traffic.
Date: Sun, 15 Aug 2010 23:29:43 +0200

On Sunday 15 August 2010 22:55:23 Paul Hartman wrote:
> On Sun, Aug 15, 2010 at 3:34 PM, Dale wrote:
> > Hi folks,
> >
> > I been noticing the past few weeks that something is communicating with
> > Yahoo at these addresses:
> >
> > cs210p2.msg.sp1.yahoo.com
> >
> > rdis.msg.vip.sp1.yahoo.com
> >
> > I thought it was Kopete getting some info, profile pics maybe, from the
> > server. Thing is, it does this for a really long time. It is also
> > SENDING data as well. I have no idea why it is doing this or what it is
> > sending. I closed the Kopete app but the data still carries on. This
> > "transfer" has been going for a while now and the only way I can stop it
> > is to stop the network, wait a minute or two for it to time out and then
> > restart the network.
> >
> > Anybody have any idea what the heck this is? Is Yahoo up to something?
> >
> > Some new security issue that I haven't heard of?
>
> I think it's normal.
>
> The first address is one of their pool of messaging servers and the
> second is a web server, probably like you said for retrieving
> additional info. The sending of data could be the http request, or
> updating your status/picture/whatever kopete may be doing. You could
> try blocking it and see what breaks. :)

Dale,

It could also be a weather map, or any number of widgets that get data from the intartubes.

netstat with -p can help track down the app that has the connection open

--
alan dot mckinnon at gmail dot com
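
One way to apply the `netstat -p` suggestion above, as an added example that is not part of the original message: a filter over `netstat -tnp` output that lists which process owns each TCP socket to a given remote address. The function names, sample addresses (documentation ranges), PIDs and program names are constructed for illustration.

```shell
#!/bin/sh
# Added example: attribute TCP connections to a remote address to the
# owning process, using the PID/Program column that `netstat -p` adds.

# Constructed sample of `netstat -tnp` output (not captured from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.0.2.10:48212        198.51.100.7:5050       ESTABLISHED 4312/kopete
tcp        0    517 192.0.2.10:39114        198.51.100.9:80         ESTABLISHED 2971/plasma-desktop
tcp        0      0 192.0.2.10:51022        203.0.113.5:22          ESTABLISHED 3555/ssh
tcp        0      0 192.0.2.10:39120        198.51.100.9:80         TIME_WAIT   -
EOF
}

# owners_of REMOTE_IP
# Reads `netstat -tnp` output on stdin and prints one line per matching
# TCP socket: "pid program remote:port state send_q".
# Send-Q is the number of bytes queued locally and not yet acknowledged,
# so a non-zero value means the process is sending right now.
# A "-" owner means the socket has no process (e.g. TIME_WAIT) or netstat
# was not run with enough privilege to see it.
owners_of() {
    awk -v ip="$1" '
        $1 ~ /^tcp/ {
            remote = $5
            host = remote
            sub(/:[0-9]+$/, "", host)      # drop the trailing :port
            if (host != ip) next
            if ($7 == "-") { print "- - " remote " " $6 " " $3; next }
            split($7, owner, "/")          # "PID/Program" -> pid, program
            print owner[1], owner[2], remote, $6, $3
        }'
}

# Live use (run as root to see sockets owned by other users):
#   netstat -tnp | owners_of 198.51.100.9
```

Because `-n` keeps addresses numeric, resolve the hostnames of interest first and pass the resulting IP to the filter.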