Re: mysterious/suspicious internet activity.

(I sent this to the list three times in the past two days; it apparently never arrived, and it did not bounce.)

I rebooted, and did a few netstat's and an iftop while the workstation was "quiet".  I pasted output from 2 netstat runs into a text file.

I paused the iftop display many times to grab line pairs of interest, and pasted those into the text file that has the netstat runs.

The text file is at the bottom of this message.

Most of the entries in the iftop display involve Comcast, my internet service provider.  Quite a few unexpected addresses also show up in iftop.  A few questions come to mind...

A few years ago, I saw in the system journal numerous log-in attempts by outsiders from all over the world, and opened a thread about that.  Now such attempts are blocked by the firewall.  If an outsider tries to communicate with my workstation, and the firewall blocks the attempt, will the attempt show up in the network activity panel of ksysguard? Will that attempt show up in the iftop display?

Bill. 

--------------- begin text file ---------------
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
tcp        0      0 coyote:domain           0.0.0.0:*               LISTEN      root       31188      1084/dnsmasq
tcp        0      0 0.0.0.0:ipp             0.0.0.0:*               LISTEN      root       22447      947/cupsd
tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN      root       39031      1680/sendmail: acce
tcp6       0      0 [::]:ipp                [::]:*                  LISTEN      root       22448      947/cupsd
udp        0      0 0.0.0.0:mdns            0.0.0.0:*                           avahi      22058      748/avahi-daemon: r
udp        0      0 coyote:domain           0.0.0.0:*                           root       31187      1084/dnsmasq
udp        0      0 0.0.0.0:bootps          0.0.0.0:*                           root       31184      1084/dnsmasq
udp        0      0 c-98-245-12-4.hs:bootpc denv01dhcp-ho-02:bootps ESTABLISHED root       29795      862/NetworkManager
udp        0      0 localhost:323           0.0.0.0:*                           root       25199      763/chronyd
udp        0      0 0.0.0.0:58501           0.0.0.0:*                           avahi      22060      748/avahi-daemon: r
udp6       0      0 [::]:mdns               [::]:*                              avahi      22059      748/avahi-daemon: r
udp6       0      0 localhost:323           [::]:*                              root       25200      763/chronyd
udp6       0      0 coyote:dhcpv6-client    [::]:*                              root       30632      862/NetworkManager
udp6       0      0 [::]:33746              [::]:*                              avahi      22061      748/avahi-daemon: r
bash.5[~]: netstat -atuevp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
tcp        0      0 coyote:domain           0.0.0.0:*               LISTEN      root       31188      1084/dnsmasq
tcp        0      0 0.0.0.0:ipp             0.0.0.0:*               LISTEN      root       22447      947/cupsd
tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN      root       39031      1680/sendmail: acce
tcp6       0      0 [::]:ipp                [::]:*                  LISTEN      root       22448      947/cupsd
udp        0      0 0.0.0.0:mdns            0.0.0.0:*                           avahi      22058      748/avahi-daemon: r
udp        0      0 coyote:domain           0.0.0.0:*                           root       31187      1084/dnsmasq
udp        0      0 0.0.0.0:bootps          0.0.0.0:*                           root       31184      1084/dnsmasq
udp        0      0 c-98-245-12-4.hs:bootpc denv01dhcp-ho-02:bootps ESTABLISHED root       29795      862/NetworkManager
udp        0      0 localhost:323           0.0.0.0:*                           root       25199      763/chronyd
udp        0      0 0.0.0.0:58501           0.0.0.0:*                           avahi      22060      748/avahi-daemon: r
udp6       0      0 [::]:mdns               [::]:*                              avahi      22059      748/avahi-daemon: r
udp6       0      0 localhost:323           [::]:*                              root       25200      763/chronyd
udp6       0      0 coyote:dhcpv6-client    [::]:*                              root       30632      862/NetworkManager
udp6       0      0 [::]:33746              [::]:*                              avahi      22061      748/avahi-daemon: r
bash.6[~]:

-----
some captured iftop lines
-----

c-98-245-12-4.hsd1.co.comcast.net    => 172.86.179.85                                                    0b       0b     15b
                                     <=                                                                  0b       0b     15b

c-98-245-12-4.hsd1.co.comcast.net    => aksdefk.cn                                                       0b       0b     15b
                                     <=                                                                  0b       0b      9b

c-98-245-12-4.hsd1.co.comcast.net    => ns570281.ip-51-161-12.net                                        0b       0b     14b
                                     <=                                                                  0b       0b      9b

c-98-245-12-4.hsd1.co.comcast.net    => 167.71.161.95                                                    0b       0b     14b
                                     <=                                                                  0b       0b      9b

c-98-245-12-4.hsd1.co.comcast.net    => HOST.DNANUTRITIONCENTER.ORG                                      0b      0b     14b
                                     <=                                                                  0b      0b      9b

c-98-245-12-4.hsd1.co.comcast.net    => 45.129.33.180                                                    0b       0b     14b
                                     <=                                                                  0b       0b      9b

c-98-245-12-4.hsd1.co.comcast.net    => 78.171.35.99.dynamic.ttnet.com.tr                                0b       0b     14b
                                     <=                                                                  0b       0b      9b

c-98-245-12-4.hsd1.co.comcast.net    => 99-104-170-138.lightspeed.lsvlky.sbcglobal.net                   0b       0b     15b
                                     <=                                                                  0b       0b     15b

c-98-245-12-4.hsd1.co.comcast.net    => sarasvati.sattvik.com                                            0b       0b     15b
                                     <=                                                                  0b       0b     15b

c-98-245-12-4.hsd1.co.comcast.net    => 80.82.68.29                                                      0b       0b     14b
                                     <=                                                                  0b       0b      9b

c-98-245-12-4.hsd1.co.comcast.net    => 31.20.97.83.ro.ovo.sc                                            0b      54b     14b
                                     <=                                                                  0b     37b       9b

c-98-245-12-4.hsd1.co.comcast.net    => 121.23.133.254                                                 272b     54b     14b
                                     <=                                                                184b     37b       9b

coyote                               => proxy09.fedoraproject.org                                        0b    426b    107b
                                     <=                                                                  0b    625b    156b

c-98-245-12-4.hsd1.co.comcast.net    => proxy13-rdu02.fedoraproject.org                                  0b       0b     83b
                                     <=                                                                  0b      0b    136b

c-98-245-12-4.hsd1.co.comcast.net    => scanner-01.ch1.censys-scanner.com                                0b       0b     14b
                                     <=                                                                  0b       0b      9b

c-98-245-12-4.hsd1.co.comcast.net    => zg-0915b-89.stretchoid.com                                       0b       0b     14b
                                     <=                                                                  0b       0b      9b

c-98-245-12-4.hsd1.co.comcast.net    => 138.99.216.104                                                   0b       0b     14b
                                     <=                                                                  0b       0b      9b

c-98-245-12-4.hsd1.co.comcast.net    => 31.184.215.57                                                    0b       0b     14b
                                     <=                                                                  0b       0b      9b

c-98-245-12-4.hsd1.co.comcast.net    => scanner.openportstats.com                                        0b       0b     14b
                                     <=                                                                  0b       0b      9b

c-98-245-12-4.hsd1.co.comcast.net    => ec2-13-229-78-217.ap-southeast-1.compute.amazonaws.com           0b      32b      8b
                                     <=                                                                  0b     37b       9b

c-98-245-12-4.hsd1.co.comcast.net    => 96.120.119.53                                                    0b       0b      0b
                                     <=                                                                  0b       0b    150b

c-98-245-12-4.hsd1.co.comcast.net    => www.arbor-observatory.com                                        0b       0b      0b
                                     <=                                                                  0b      37b      9b

c-98-245-12-4.hsd1.co.comcast.net    => zg-0915a-345.stretchoid.com                                      0b      54b     14b
                                     <=                                                                  0b     37b      9b

c-98-245-12-4.hsd1.co.comcast.net    => 203.166.213.199                                                  0b      54b     14b
                                     <=                                                                  0b     37b       9b

c-98-245-12-4.hsd1.co.comcast.net    => scan-02a.shadowserver.org                                        0b     54b     14b
                                     <=                                                                  0b     37b       9b

c-98-245-12-4.hsd1.co.comcast.net    => worker-01.sfj.censys-scanner.com                                 0b       0b     14b
                                     <=                                                                  0b      0b      9b

c-98-245-12-4.hsd1.co.comcast.net    => ip-113-42.4vendeta.com                                           0b      54b     14b
                                     <=                                                                  0b     37b       9b

c-98-245-12-4.hsd1.co.comcast.net    => no-mans-land.m247.com                                            0b      54b     14b
                                     <=                                                                  0b     37b       9b

c-98-245-12-4.hsd1.co.comcast.net    => 109x194x3x165.static-customer.bryansk.ertelecom.ru               0b     54b     14b
                                     <=                                                                  0b     37b       9b


-----
some ip address first fields
-----

31
45
78
80
96
99
121
138
152
167
172
197
203
--------------- end text file ---------------
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
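
A triage pass over iftop line pairs like the ones captured above, added here as an example and not part of the original message: it pairs each `=>`/`<=` line, converts the rate columns to numbers, and sorts peers into buckets. The suffix lists and bucket names are assumptions of this example, built from hostnames that appear in the capture.

```python
import re

# Constructed sample: four line pairs copied from the iftop capture in the post.
SAMPLE = """\
c-98-245-12-4.hsd1.co.comcast.net => scanner-01.ch1.censys-scanner.com  0b   0b  14b
                                  <=                                    0b   0b   9b
c-98-245-12-4.hsd1.co.comcast.net => 121.23.133.254                   272b  54b  14b
                                  <=                                  184b  37b   9b
coyote                            => proxy09.fedoraproject.org          0b 426b 107b
                                  <=                                    0b 625b 156b
c-98-245-12-4.hsd1.co.comcast.net => 96.120.119.53                      0b   0b   0b
                                  <=                                    0b   0b 150b
"""
# Assumption: suffixes come from hostnames in the post; treating them as
# internet-survey scanners or expected Fedora traffic is this example's choice.
SCANNERS = ("censys-scanner.com", "stretchoid.com", "shadowserver.org",
            "openportstats.com", "arbor-observatory.com")
EXPECTED = ("fedoraproject.org",)
RATE = re.compile(r"(\d+(?:\.\d+)?)([KMG]?)b")
SCALE = {"": 1, "K": 1e3, "M": 1e6, "G": 1e9}

def rates(fields):
    """Convert iftop's three rate columns (2 s, 10 s, 40 s averages) to numbers."""
    matches = [RATE.fullmatch(f) for f in fields]
    if not all(matches):
        raise ValueError(f"unrecognised rate field in {fields}")
    return [float(m.group(1)) * SCALE[m.group(2)] for m in matches]

def parse_iftop(text):
    """Pair each '=>' line (sent) with the '<=' line (received) that follows it."""
    flows, pending = [], None
    for parts in (line.split() for line in text.splitlines()):
        if len(parts) == 6 and parts[1] == "=>":
            pending = {"local": parts[0], "peer": parts[2], "tx": rates(parts[3:])}
        elif len(parts) == 4 and parts[0] == "<=" and pending:
            flows.append({**pending, "rx": rates(parts[1:])})
            pending = None
    return flows

def in_domain(host, suffixes):
    return any(host == s or host.endswith("." + s) for s in suffixes)

def label(flow):
    peer = flow["peer"].lower()
    if in_domain(peer, SCANNERS):
        return "survey-scanner"
    if in_domain(peer, EXPECTED):
        return "expected"
    if max(flow["tx"]) == 0 and max(flow["rx"]) > 0:
        return "inbound-only"  # peer sent packets, this host sent nothing back
    return "review"

def triage(text):
    return {f["peer"]: label(f) for f in parse_iftop(text)}
```

iftop reads packets through libpcap, which on Linux sees inbound packets before netfilter filters them, so a peer listed here does not by itself indicate an accepted connection; the netstat output is the place to check for that.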


