Another suggestion, get Wireshark for sniffing traffic, run a sniffer
trace as you are using the machine. You'll want to capture any IP
(layer 3) traffic leaving or entering your machine (may want to set up
filters to reduce capture size). This may be a way to start your
analysis.

Disable any services (daemons) running on the machine that are not
required with a listening port:

sudo netstat -tulpn | grep LISTEN

above will display listening ports

This is at least a start

Frank

On Thu, Feb 20, 2020 at 5:50 PM home user <mattisonw@xxxxxxxxxxx> wrote:
>
> (on 02/20/2020 at 2:10pm mountain time, Ed said)
>
> > Do you have a fixed IP or dynamic IP?
>
> I believe it's fixed, provided by the ISP (comcast).
>
> > What services do you run on your system? It helps to know what area
> > you're concerned with.
>
> * Firefox, Thunderbird, Tor (rarely), dnf, zoom (for meetings). (What
> counts as "services" here?)
> * Other uses of internet are "under the hood" and mostly
> unknown/invisible to me.
> * Oddball: when logged in as root, and I launch a terminal, several
> seconds later, I see a short wave of internet activity; this is very
> consistent. What's going on there?
> * No one is authorized to connect in from outside; I myself do not try
> to do so.
>
> This morning, I got 2 messages from the bank saying 2 attempts to make
> purchases via paypal were rejected because the card had not yet been
> activated. I called the bank. The messages were legitimate. Curious:
> the card is near expiration, and a new one (same number) had just been
> made/mailed. The bank then de-activated the card. I do not know what
> other personal info the malicious person/group got, where the info came
> from, or who the malicious person/group is. I think it wise for me to
> check that no one is getting into my system. Thus this thread. By the
> way, both chkrootkit and rkhunter reported my system is clean later this
> morning. I do realize they don't check everything.
>
> I'll try Frank's suggestion and respond to him later; I'm researching it
> first.
>
> Bill.
> _______________________________________________
> users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
> To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx