From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1OkkO4-0000D4-V8 for garchives@archives.gentoo.org; Sun, 15 Aug 2010 21:05:02 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 8A7ADE07B5 for ; Sun, 15 Aug 2010 21:05:00 +0000 (UTC) Received: from mail-qw0-f53.google.com (mail-qw0-f53.google.com [209.85.216.53]) by pigeon.gentoo.org (Postfix) with ESMTP id B77DBE04F2 for ; Sun, 15 Aug 2010 20:55:24 +0000 (UTC) Received: by qwe5 with SMTP id 5so5088039qwe.40 for ; Sun, 15 Aug 2010 13:55:24 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:sender:received :in-reply-to:references:date:x-google-sender-auth:message-id:subject :from:to:content-type; bh=5pFmkb2MPS7PbvbqYI4sntLr7lh3UufWX0fTua+SPRs=; b=R2xb9pCWSmZ2s+mW9KfTQ5w/f14A3pEhCIhTlOcBINwQhrjxZ37c27IJWUntJEC4Xd dm5ydq3yi/YYjdqMF+iAcTsEPe/P+d8MVo3RJ7mX494z1IAqWOsMdV1AKDtXESQv38fr SEx+upxEwuVx4gcQsN/n+wWsPmHu9jqb2RAJo= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:content-type; b=vOhecH773mDeWkjhDb/erdVssocL+k0oMYJmYNHGbCAezPzvY7MssBf4PyIAM8EFIT x38d0IbBWBJdO0F+v1ssBP0EvvcH0h5IOmec5Dc9DSu0zAnMJb0tlJaqpMGhUNJkwnXC vEa11M0wwPDyTgg+hUnwux6821eUgWs82Cv7A= Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org MIME-Version: 1.0 Received: by 10.224.45.134 with SMTP id e6mr2720454qaf.236.1281905723886; Sun, 15 Aug 2010 13:55:23 -0700 (PDT) Sender: paul.hartman@gmail.com Received: by 10.229.238.21 with HTTP; Sun, 15 Aug 2010 13:55:23 -0700 (PDT) In-Reply-To: <4C684F59.3040903@gmail.com> References: <4C684F59.3040903@gmail.com> Date: Sun, 15 Aug 2010 15:55:23 -0500 X-Google-Sender-Auth: IxVhYgsmBsXrqSeCKKdSY9Atrhk Message-ID: Subject: Re: [gentoo-user] Yahoo and strange traffic. From: Paul Hartman To: gentoo-user@lists.gentoo.org Content-Type: text/plain; charset=ISO-8859-1 X-Archives-Salt: 2616a27d-b1b9-4104-a7d3-5de7b6e3243c X-Archives-Hash: 92e9afb28f778806a439465bdd7c4363 On Sun, Aug 15, 2010 at 3:34 PM, Dale wrote: > Hi folks, > > I been noticing the past few weeks that something is communicating with > Yahoo at these addresses: > > cs210p2.msg.sp1.yahoo.com > > rdis.msg.vip.sp1.yahoo.com > > I thought it was Kopete getting some info, profile pics maybe, from the > server. Thing is, it does this for a really long time. It is also SENDING > data as well. I have no idea why it is doing this or what it is sending. I > closed the Kopete app but the data still carries on. This "transfer" has > been going for a while now and the only way I can stop it is to stop the > network, wait a minute or two for it to time out and then restart the > network. > > Anybody have any idea what the heck this is? Is Yahoo up to something? > Some new security issue that I haven't heard of? I think it's normal. The first address is one of their pool of messaging servers and the second is a web server, probably like you said for retrieving additional info. The sending of data could be the http request, or updating your status/picture/whatever kopete may be doing. You could try blocking it and see what breaks. :)