Re: mysterious/suspicious internet activity.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 12/3/20 10:57 PM, Ed Greshko wrote:

The virbr0 interface is the interface between your system and any qemu/kvm Virtual Machines you deploy.  This is an "internal" interface not connected directly to the Internet.

I've never heard of this. I'm not sure, but this seems like something I don't use, at least not explicitly. Is this something that I can remove from the system, or at least turn off (so it won't use CPU), Or is this "under the hood" of things I do use?

-bash.3[~]: firewall-cmd --info-zone=public
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: eno1
  sources:
  services: dhcpv6-client mdns
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
-bash.4[~]:

[... snip ...]
You most likely don't need mdns (Multicast DNS) and can delete that service.  You *may* need dhcpv6-client
to properly configure your IPv6 automatically when the system starts.

How do I delete a service (mdns)?

To address your other post containing all the Screen shots....
[... snip ...]
If you want to know more about the "services" shown in the screen shots one way to do it is lookup the
service in /etc/services.

[egreshko@meimei ~]$ grep tivoconnect /etc/services
tivoconnect     2190/tcp                # TiVoConnect Beacon
tivoconnect     2190/udp                # TiVoConnect Beacon

And then google the description, in this case "TiVoConnect Beacon". Learn, for example, http://tivopod.sourceforge.net/tivoconnect.pdf and see that it is a broadcast protocol used
by TiVo devices.

I got the same results.

If I understood you and that pdf file correctly, tivoconnect has nothing to do with watching youtube videos or online streaming (such as Viki, Rakuten, or Zoom). I think I don't use this either. But tivoconnect sure shows up a lot in both columns. Is there something I should remove from the system (via dnf), or shut off?

Someone in this thread suggested that outgoing traffic should be examined as well as incoming. That does make sense to me. The firewall-cmd commands I did: did those look at both incoming and outgoing, or just incoming?
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx



[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux