On 21.01.2012 01:12, Grant wrote:
>>> If the machine is running Linux, then
>>> 'watch "lsof -n|grep TCP|grep 3680"' as root is a sloppy but
>>> effective way to find it. There's probably some way to set up a
>>> firewall rule on the host in question that logs out the user and
>>> (possibly) PID of the connection, but I don't know.
>>
>> "lsof -i" is easier, it only shows network connections :)
>>
>> Catching it when it happens (if it is very briefly connected)
>> could be hard with lsof... Maybe set up a tarpit firewall rule on
>> that box so the connection stays open for a long time.
>
> The connections are only attempted a few times throughout the day.
> Is a tarpit firewall rule the only way to do this? Can anyone tell
> me what package 'watch' belongs to if that would work?
>
> - Grant
>

I get:

equery b watch
* Searching for watch ...
net-irc/irssi-0.8.15-r1 (/usr/share/irssi/help/watch)
sys-process/procps-3.2.8_p11 (/usr/bin/watch)
x11-themes/gnome-themes-standard-3.3.4 (/usr/share/cursors/xorg-x11/Adwaita/cursors/watch)

First and third can be ruled out, I think. So one candidate remains:

sys-process/procps
Available versions: 3.2.8 (~)3.2.8-r1 3.2.8-r2 (~)3.2.8_p10-r1 3.2.8_p11 {unicode}
Installed versions: 3.2.8_p11(00:15:18 22.12.2011)(unicode)
Homepage: http://procps.sourceforge.net/
Description: Standard informational utilities and process-handling tools
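The polling approach from the quoted messages, as an added example that is not part of the original thread: instead of grepping lsof output, it reads the /proc/net/tcp format directly, picks out sockets whose remote port is 3680, and maps the socket inode to the owning PID. The function names and the sample table are constructed for illustration; it assumes Linux, IPv4 and a little-endian host.

```python
import os
import socket
import struct

TARGET_PORT = 3680  # port from the thread
TCP_STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "06": "TIME_WAIT", "0A": "LISTEN"}

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0 100 0 0 10 0
   1: 0A00A8C0:C350 0500A8C0:0E60 02 00000001:00000000 01:00000064 00000001  1000        0 22222 2 0 300 0 0 10 -1
   2: 0A00A8C0:9C40 0500A8C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 33333 1 0 20 4 30 10 -1
"""

def _endpoint(field):
    """Decode 'HEXIP:HEXPORT' (IPv4 only, little-endian host assumed)."""
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def find_connections(proc_net_tcp, port=TARGET_PORT):
    """Return sockets whose remote port matches, with state, owning uid and inode."""
    hits = []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        local, remote = _endpoint(f[1]), _endpoint(f[2])
        if remote[1] == port:
            hits.append({"local": local, "remote": remote, "uid": int(f[7]),
                         "state": TCP_STATES.get(f[3], f[3]), "inode": f[9]})
    return hits

def pids_for_inode(inode):
    """Find PIDs holding socket:[inode]; needs root to see other users' fds."""
    target = f"socket:[{inode}]"
    pids = []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            fds = os.listdir(f"/proc/{pid}/fd")
            if any(os.readlink(f"/proc/{pid}/fd/{fd}") == target for fd in fds):
                pids.append(int(pid))
        except OSError:
            continue  # process exited or permission denied
    return pids

if __name__ == "__main__":
    for hit in find_connections(SAMPLE):
        print(hit, pids_for_inode(hit["inode"]))
```

On a live host, pass the contents of /proc/net/tcp to find_connections in a short polling loop instead of SAMPLE; like the lsof loop, polling can still miss a connection attempt that ends between two reads.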