On Wed, 2020-12-02 at 16:09 +0000, home user wrote:
> --------------- begin text file ---------------
> Active Internet connections (servers and established)
> Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
> tcp 0 0 coyote:domain 0.0.0.0:* LISTEN root 31188 1084/dnsmasq
> tcp 0 0 0.0.0.0:ipp 0.0.0.0:* LISTEN root 22447 947/cupsd
> tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN root 39031 1680/sendmail: acce
> tcp6 0 0 [::]:ipp [::]:* LISTEN root 22448 947/cupsd
> udp 0 0 0.0.0.0:mdns 0.0.0.0:* avahi 22058 748/avahi-daemon: r
> udp 0 0 coyote:domain 0.0.0.0:* root 31187 1084/dnsmasq
> udp 0 0 0.0.0.0:bootps 0.0.0.0:* root 31184 1084/dnsmasq
> udp 0 0 c-98-245-12-4.hs:bootpc denv01dhcp-ho-02:bootps ESTABLISHED root 29795 862/NetworkManager
> udp 0 0 localhost:323 0.0.0.0:* root 25199 763/chronyd
> udp 0 0 0.0.0.0:58501 0.0.0.0:* avahi 22060 748/avahi-daemon: r
> udp6 0 0 [::]:mdns [::]:* avahi 22059 748/avahi-daemon: r
> udp6 0 0 localhost:323 [::]:* root 25200 763/chronyd
> udp6 0 0 coyote:dhcpv6-client [::]:* root 30632 862/NetworkManager
> udp6 0 0 [::]:33746 [::]:* avahi 22061 748/avahi-daemon: r

If you look at the last column, you can see what's involved with those things: DNSmasq (your local DNS server), CUPSD (your local printer server), sendmail (your local mail server), AVAHI-DAEMON (part of your local networking, finding out your IP address, finding other things in your network), NETWORK MANAGER (handling your network), CHRONYD (your local time server managing your clock).

All normal stuff, although they're listening to any address, rather than only listening to local addresses. That could be tightened up for some things, at least. I see no reason for CUPS to listen outside of your LAN, for instance.

LANs are chatty, especially when you throw CUPS and mDNS into the mix. CUPS advertises itself, and looks for printers. AVAHI, etc., are always on the lookout for other things on your LAN.
It's next to impossible to stop the LEDs blinking on your network port in a LAN. And there's always going to be loads of DNS lookups while things are being used by you. When you browse a webpage, the page is made up of content dragged in from all over the place, text, graphics, scripts, etc., the browser has to find them. You can get the same kind of thing with HTML mail, too.

Regarding the other set of data with all the Comcast addresses, I can't comment, as I have no idea what the data is in the adjacent columns. I hate programs which spew out data without titling what it is.

If, however, it is like Stan said (people scanning for exploitable ports within Comcast), then my opinion is that you report that to Comcast, and suggest that they either deal with their customers who are nefariously scanning their network, or fix their firewall to stop outsiders scanning their network. Either way, that's *their* job. But first, confirm it is exploit scanning. I can't tell from the data you provided. Looking at some of the domain names, I would have thought you'd logged this while you're using your web browser.

-- 
uname -rsvp
Linux 3.10.0-1160.6.1.el7.x86_64 #1 SMP Tue Nov 17 13:59:11 UTC 2020 x86_64

Boilerplate: All unexpected mail to my mailbox is automatically deleted. I will only get to see the messages that are posted to the mailing list.
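An added example, not part of the original message: a small parser for netstat output with the User, Inode and PID/Program name columns, as in the listing quoted above, that sorts each socket by bind scope and lists the ones accepting traffic on every interface. The function names are this example's own, and the sample rows are copied from the quoted listing.

```python
"""Group sockets in netstat output (with User/Inode/Program columns) by bind scope."""
WILDCARD = {"0.0.0.0", "[::]", "::", "*"}               # bound to every interface
LOOPBACK = {"localhost", "127.0.0.1", "[::1]", "::1"}   # reachable from this host only
STATES = {"LISTEN", "ESTABLISHED", "SYN_SENT", "SYN_RECV", "FIN_WAIT1", "FIN_WAIT2",
          "TIME_WAIT", "CLOSE", "CLOSE_WAIT", "LAST_ACK", "CLOSING"}

# Rows copied from the listing quoted in the message (column spacing collapsed).
SAMPLE = """\
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 coyote:domain 0.0.0.0:* LISTEN root 31188 1084/dnsmasq
tcp 0 0 0.0.0.0:ipp 0.0.0.0:* LISTEN root 22447 947/cupsd
tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN root 39031 1680/sendmail: acce
tcp6 0 0 [::]:ipp [::]:* LISTEN root 22448 947/cupsd
udp 0 0 0.0.0.0:mdns 0.0.0.0:* avahi 22058 748/avahi-daemon: r
udp 0 0 c-98-245-12-4.hs:bootpc denv01dhcp-ho-02:bootps ESTABLISHED root 29795 862/NetworkManager
udp6 0 0 localhost:323 [::]:* root 25200 763/chronyd
"""

def parse_line(line):
    """Return a dict for one socket row, or None for header and blank lines."""
    tok = line.split()
    if len(tok) < 8 or not tok[0].startswith(("tcp", "udp")):
        return None
    rest = tok[5:]
    # The State column is empty for unconnected UDP sockets, so treat it as optional.
    state = rest.pop(0) if rest[0] in STATES else ""
    user, program = rest[0], " ".join(rest[2:])
    host, port = tok[3].rsplit(":", 1)        # rsplit keeps "[::]" and "::" intact
    if host in WILDCARD:
        scope = "wildcard"
    elif host in LOOPBACK:
        scope = "loopback"
    else:
        scope = "specific"                    # one named address or interface
    # "1680/sendmail: acce" -> "sendmail": drop the PID and the truncated title.
    name = program.partition("/")[2].split(":")[0]
    return {"proto": tok[0], "host": host, "port": port, "state": state,
            "user": user, "program": name, "scope": scope}

def wildcard_listeners(text):
    """Sockets accepting traffic on every interface, as (proto, port, program)."""
    rows = filter(None, map(parse_line, text.splitlines()))
    # TCP must be in LISTEN; an unconnected UDP socket has an empty state.
    return [(r["proto"], r["port"], r["program"]) for r in rows
            if r["scope"] == "wildcard" and r["state"] in ("LISTEN", "")]

if __name__ == "__main__":
    for proto, port, program in wildcard_listeners(SAMPLE):
        print(f"{proto:5} {port:8} {program}")
```

The host part is compared as netstat printed it, so resolved names such as `coyote` are classed as a specific address; running netstat with `-n` gives numeric addresses and ports instead.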