1 |
Alan McKinnon wrote: |
2 |
> On Sunday 15 August 2010 22:55:23 Paul Hartman wrote: |
3 |
> |
4 |
>> On Sun, Aug 15, 2010 at 3:34 PM, Dale<rdalek1967@×××××.com> wrote: |
5 |
>> |
6 |
>>> Hi folks, |
7 |
>>> |
8 |
>>> I been noticing the past few weeks that something is communicating with |
9 |
>>> Yahoo at these addresses: |
10 |
>>> |
11 |
>>> cs210p2.msg.sp1.yahoo.com |
12 |
>>> |
13 |
>>> rdis.msg.vip.sp1.yahoo.com |
14 |
>>> |
15 |
>>> I thought it was Kopete getting some info, profile pics maybe, from the |
16 |
>>> server. Thing is, it does this for a really long time. It is also |
17 |
>>> SENDING data as well. I have no idea why it is doing this or what it is |
18 |
>>> sending. I closed the Kopete app but the data still carries on. This |
19 |
>>> "transfer" has been going for a while now and the only way I can stop it |
20 |
>>> is to stop the network, wait a minute or two for it to time out and then |
21 |
>>> restart the network. |
22 |
>>> |
23 |
>>> Anybody have any idea what the heck this is? Is Yahoo up to something? |
24 |
>>> |
25 |
>>> Some new security issue that I haven't heard of? |
26 |
>>> |
27 |
>> I think it's normal. |
28 |
>> |
29 |
>> The first address is one of their pool of messaging servers and the |
30 |
>> second is a web server, probably like you said for retrieving |
31 |
>> additional info. The sending of data could be the http request, or |
32 |
>> updating your status/picture/whatever kopete may be doing. You could |
33 |
>> try blocking it and see what breaks. :) |
34 |
>> |
35 |
> Dale, |
36 |
> |
37 |
> It could also be a weather map, or any number of widgets that get data from |
38 |
> the intartubes. |
39 |
> |
40 |
> netstat with -p can help track down the app that has the connection open |
41 |
> |
42 |
> |
43 |
|
44 |
OK. It finally started doing it again. Here is the short version of |
45 |
netstat -p. It looks like kopete but what in the heck is it sending and |
46 |
receiving? |
47 |
|
48 |
root@smoker / # netstat -p |
49 |
Active Internet connections (w/o servers) |
50 |
Proto Recv-Q Send-Q Local Address Foreign Address |
51 |
State PID/Program name |
52 |
tcp 0 0 192.168.1.2:43577 rdis.msg.vip.sp1.y:http |
53 |
TIME_WAIT - |
54 |
tcp 0 0 192.168.1.2:43438 rdis.msg.vip.sp1.y:http |
55 |
TIME_WAIT - |
56 |
tcp 0 0 192.168.1.2:52423 cs204p1.msg.sp1.ya:5050 |
57 |
ESTABLISHED 9968/kopete |
58 |
tcp 0 0 192.168.1.2:43490 rdis.msg.vip.sp1.y:http |
59 |
TIME_WAIT - |
60 |
tcp 0 1 192.168.1.2:43586 rdis.msg.vip.sp1.y:http |
61 |
SYN_SENT 18971/kopeteFc9968. |
62 |
tcp 0 0 localhost:60971 localhost:nut |
63 |
ESTABLISHED 9578/upsmon |
64 |
tcp 1 1 192.168.1.2:43584 rdis.msg.vip.sp1.y:http |
65 |
CLOSING - |
66 |
tcp 0 0 192.168.1.2:43558 rdis.msg.vip.sp1.y:http |
67 |
TIME_WAIT - |
68 |
tcp 0 0 192.168.1.2:48301 cs201p1.msg.sp1.ya:5050 |
69 |
ESTABLISHED 9968/kopete |
70 |
tcp 0 0 192.168.1.2:43523 rdis.msg.vip.sp1.y:http |
71 |
TIME_WAIT - |
72 |
tcp 0 0 localhost:nut localhost:60971 |
73 |
ESTABLISHED 9640/upsd |
74 |
tcp 0 0 192.168.1.2:42517 cs215p2.msg.ac4.ya:5050 |
75 |
ESTABLISHED 9968/kopete |
76 |
tcp 0 0 192.168.1.2:43462 rdis.msg.vip.sp1.y:http |
77 |
TIME_WAIT - |
78 |
tcp 0 0 192.168.1.2:43516 rdis.msg.vip.sp1.y:http |
79 |
TIME_WAIT - |
80 |
tcp 0 0 192.168.1.2:43479 rdis.msg.vip.sp1.y:http |
81 |
TIME_WAIT - |
82 |
tcp 0 0 192.168.1.2:43405 rdis.msg.vip.sp1.y:http |
83 |
TIME_WAIT - |
84 |
tcp 0 0 192.168.1.2:43483 rdis.msg.vip.sp1.y:http |
85 |
TIME_WAIT - |
86 |
tcp 0 0 192.168.1.2:43563 rdis.msg.vip.sp1.y:http |
87 |
TIME_WAIT - |
88 |
tcp 0 0 192.168.1.2:43487 rdis.msg.vip.sp1.y:http |
89 |
TIME_WAIT - |
90 |
tcp 0 0 192.168.1.2:43483 rdis.msg.vip.sp1.y:http |
91 |
TIME_WAIT - |
92 |
tcp 0 0 192.168.1.2:43563 rdis.msg.vip.sp1.y:http |
93 |
TIME_WAIT - |
94 |
tcp 0 0 192.168.1.2:43487 rdis.msg.vip.sp1.y:http |
95 |
TIME_WAIT - |
96 |
|
97 |
One other question, if this is kopete, how does it keep |
98 |
sending/receiving after I have closed the kopete app? |
99 |
|
100 |
This is weird. Kopete and Yahoo have not done this before. |
101 |
|
102 |
Dale |
103 |
|
104 |
:-) :-) |