Re: mysterious/suspicious internet activity.

On Wed, 2020-12-02 at 16:09 +0000, home user wrote:
> --------------- begin text file ---------------
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name
> tcp        0      0 coyote:domain           0.0.0.0:*               LISTEN      root       31188      1084/dnsmasq
> tcp        0      0 0.0.0.0:ipp             0.0.0.0:*               LISTEN      root       22447      947/cupsd
> tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN      root       39031      1680/sendmail: acce
> tcp6       0      0 [::]:ipp                [::]:*                  LISTEN      root       22448      947/cupsd
> udp        0      0 0.0.0.0:mdns            0.0.0.0:*                           avahi      22058      748/avahi-daemon: r
> udp        0      0 coyote:domain           0.0.0.0:*                           root       31187      1084/dnsmasq
> udp        0      0 0.0.0.0:bootps          0.0.0.0:*                           root       31184      1084/dnsmasq
> udp        0      0 c-98-245-12-4.hs:bootpc denv01dhcp-ho-02:bootps ESTABLISHED root       29795      862/NetworkManager
> udp        0      0 localhost:323           0.0.0.0:*                           root       25199      763/chronyd
> udp        0      0 0.0.0.0:58501           0.0.0.0:*                           avahi      22060      748/avahi-daemon: r
> udp6       0      0 [::]:mdns               [::]:*                              avahi      22059      748/avahi-daemon: r
> udp6       0      0 localhost:323           [::]:*                              root       25200      763/chronyd
> udp6       0      0 coyote:dhcpv6-client    [::]:*                              root       30632      862/NetworkManager
> udp6       0      0 [::]:33746              [::]:*                              avahi      22061      748/avahi-daemon: r

If you look at the last column, you can see what's involved with those
things:  DNSmasq (your local DNS server), CUPSD (your local printer
server), sendmail (your local mail server), AVAHI-DAEMON (part of your
local networking, finding out your IP address, finding other things in
your network), NETWORK MANAGER (handling your network), CHRONYD (your
local time server managing your clock).

All normal stuff, although they're listening to any address, rather
than only listening to local addresses.  That could be tightened up for
some things, at least.  I see no reason for CUPS to listen outside of
your LAN, for instance.

LANs are chatty, especially when you throw CUPS and mDNS into the mix. 
CUPS advertises itself, and looks for printers.  AVAHI, etc., are
always on the lookout for other things on your LAN.  It's next to
impossible to stop the LEDs blinking on your network port in a LAN.

And there's always going to be loads of DNS lookups while things are
being used by you.  When you browse a webpage, the page is made up of
content dragged in from all over the place, text, graphics, scripts,
etc., the browser has to find them.  You can get the same kind of thing
with HTML mail, too.

Regarding the other set of data with all the comcast addresses, I can't
comment, as I have no idea what the data is in the adjacent columns.  I
hate programs which spew out data without titling what it is.

If, however, it is like Stan said (people scanning for exploitable
ports within comcast), then my opinion is that you report that to
comcast, and suggest that they either deal with their customers who are
nefariously scanning their network, or fix their firewall to stop
outsiders scanning their network.  Either way, that's *their* job.

But first, confirm it is exploit scanning.  I can't tell from the data
you provided.

Looking at some of the domain names, I would have thought you'd logged
this while you're using your web browser.
 
-- 
 
uname -rsvp
Linux 3.10.0-1160.6.1.el7.x86_64 #1 SMP Tue Nov 17 13:59:11 UTC 2020 x86_64
 
Boilerplate:  All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the mailing list.
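
The check described in the reply (which services listen on any address rather than only on local ones), as an added example that is not part of the original message: a small Python parser for this netstat layout, run over rows copied from the quoted output. The function and variable names are this example's own.

```python
import re

# TCP states netstat prints; UDP rows normally leave the State column empty.
STATES = {"LISTEN", "ESTABLISHED", "SYN_SENT", "SYN_RECV", "FIN_WAIT1", "FIN_WAIT2",
          "TIME_WAIT", "CLOSE", "CLOSE_WAIT", "LAST_ACK", "CLOSING"}
WILDCARD = {"0.0.0.0", "[::]", "::", "*"}
LOOPBACK = {"localhost", "localhost6", "127.0.0.1", "[::1]", "::1"}

# Rows copied from the netstat output quoted in the message above.
SAMPLE = """\
tcp        0      0 coyote:domain           0.0.0.0:*               LISTEN      root       31188      1084/dnsmasq
tcp        0      0 0.0.0.0:ipp             0.0.0.0:*               LISTEN      root       22447      947/cupsd
tcp        0      0 localhost:smtp          0.0.0.0:*               LISTEN      root       39031      1680/sendmail: acce
tcp6       0      0 [::]:ipp                [::]:*                  LISTEN      root       22448      947/cupsd
udp        0      0 0.0.0.0:mdns            0.0.0.0:*                           avahi      22058      748/avahi-daemon: r
udp        0      0 c-98-245-12-4.hs:bootpc denv01dhcp-ho-02:bootps ESTABLISHED root       29795      862/NetworkManager
udp        0      0 localhost:323           0.0.0.0:*                           root       25199      763/chronyd
"""

def parse_row(line):
    """Parse one row; returns None for headers and unrecognised lines."""
    tok = line.split()
    if len(tok) < 8 or not re.fullmatch(r"(tcp|udp)6?", tok[0]):
        return None
    proto, local, foreign, rest = tok[0], tok[3], tok[4], tok[5:]
    # UDP rows have no State token, so every later column shifts left by one.
    state = rest.pop(0) if rest[0] in STATES else ""
    # rest is now [user, inode, pid/program...]; "sendmail: acce" contains a space.
    program = " ".join(rest[2:]).split("/", 1)[-1]
    host, port = local.rsplit(":", 1)
    if host in WILDCARD:
        scope = "any"
    elif host in LOOPBACK or host.startswith("127."):
        scope = "loopback"
    else:
        scope = "specific"  # a named or numeric interface address
    listening = state == "LISTEN" or (
        proto.startswith("udp") and not state and foreign.rsplit(":", 1)[0] in WILDCARD)
    return {"proto": proto, "port": port, "scope": scope,
            "listening": listening, "program": program, "user": rest[0]}

def wildcard_listeners(text):
    """Return (proto, port, program) for sockets accepting traffic on any address."""
    rows = filter(None, map(parse_row, text.splitlines()))
    return [(r["proto"], r["port"], r["program"])
            for r in rows if r["listening"] and r["scope"] == "any"]
```

With names resolved, as in the quoted output, an entry such as `coyote` can only be classed as "specific"; running netstat with `-n` prints numeric addresses and ports instead.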
 