| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
On 21.01.2012 01:12, Grant wrote: |
| 5 |
>>> If the machine is running linux, then 'watch "lsof -n|grep |
| 6 |
>>> TCP|grep 3680"' as root is a sloppy but effective way to find |
| 7 |
>>> it. There's probably some way to set up a firewall rule on the |
| 8 |
>>> host in question that logs out the user and (possibly) PID of |
| 9 |
>>> the connection, but I don't know. |
| 10 |
>> |
| 11 |
>> "lsof -i" is easier, it only shows network connections :) |
| 12 |
>> |
| 13 |
>> catching it when it happens (if it is very briefly connected) |
| 14 |
>> could be hard with lsof... Maybe setup a tarpit firewall rule on |
| 15 |
>> that box so the connection stays open for a long time. |
| 16 |
> |
| 17 |
> The connections are only attempted a few times throughout the day. |
| 18 |
> Is a tarpit firewall rule the only way to do this? Can anyone tell |
| 19 |
> me what package 'watch' belongs to if that would work? |
| 20 |
> |
| 21 |
> - Grant |
| 22 |
> |
| 23 |
I get: |
| 24 |
|
| 25 |
equery b watch |
| 26 |
* Searching for watch ... |
| 27 |
net-irc/irssi-0.8.15-r1 (/usr/share/irssi/help/watch) |
| 28 |
sys-process/procps-3.2.8_p11 (/usr/bin/watch) |
| 29 |
x11-themes/gnome-themes-standard-3.3.4 |
| 30 |
(/usr/share/cursors/xorg-x11/Adwaita/cursors/watch) |
| 31 |
|
| 32 |
First and third can be ruled out, I think. So one candidate remains: |
| 33 |
|
| 34 |
sys-process/procps |
| 35 |
Available versions: 3.2.8 (~)3.2.8-r1 3.2.8-r2 (~)3.2.8_p10-r1 |
| 36 |
3.2.8_p11 {unicode} |
| 37 |
Installed versions: 3.2.8_p11(00:15:18 22.12.2011)(unicode) |
| 38 |
Homepage: http://procps.sourceforge.net/ |
| 39 |
Description: Standard informational utilities and |
| 40 |
process-handling tools |
| 41 |
-----BEGIN PGP SIGNATURE----- |
| 42 |
Version: GnuPG v2.0.18 (GNU/Linux) |
| 43 |
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ |
| 44 |
|
| 45 |
iQEcBAEBAgAGBQJPGghBAAoJEJwwOFaNFkYc22gH/1hx7MQb/exllk3GhkQSQes/ |
| 46 |
P6XFg/8dJy3Kag0FReAN/xN6or9SHPHXgUiVUsN+XIYV6Vt94Gbm/ZUHfwkzckJG |
| 47 |
DP3/z+pQ0E0+xle32Gabo5Hpt47chgzsThdyghVkWVefMqQdkJwJPGwHcQ3yCzC5 |
| 48 |
LIXgZzmKoPUx5I9BaFnl/KkxRGbtTDYieWdpaxkOPjHiMZ+8wDPO6XDfhSggJPdR |
| 49 |
4hMFik2B/04s7OTlqA9Qfvk1PZszSPnFN5t4Ick1PHwi/ZesobJGR5eeBlUfq5av |
| 50 |
Y9STFvDojCAo3Mjf2IiXWCP8j8Fs9e7ToXvwmhn55t4XjS0v9Y+qhq8B3IsSl7o= |
| 51 |
=gaPQ |
| 52 |
-----END PGP SIGNATURE----- |
Archives