Gentoo Archives: gentoo-user

From: Dale <rdalek1967@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Yahoo and strange traffic.
Date: Mon, 16 Aug 2010 22:56:33
Message-Id: 4C69C1E4.9090309@gmail.com
In Reply to: Re: [gentoo-user] Yahoo and strange traffic. by Alan McKinnon
Alan McKinnon wrote:
> On Sunday 15 August 2010 22:55:23 Paul Hartman wrote:
>
>> On Sun, Aug 15, 2010 at 3:34 PM, Dale<rdalek1967@×××××.com> wrote:
>>
>>> Hi folks,
>>>
>>> I been noticing the past few weeks that something is communicating with
>>> Yahoo at these addresses:
>>>
>>> cs210p2.msg.sp1.yahoo.com
>>>
>>> rdis.msg.vip.sp1.yahoo.com
>>>
>>> I thought it was Kopete getting some info, profile pics maybe, from the
>>> server. Thing is, it does this for a really long time. It is also
>>> SENDING data as well. I have no idea why it is doing this or what it is
>>> sending. I closed the Kopete app but the data still carries on. This
>>> "transfer" has been going for a while now and the only way I can stop it
>>> is to stop the network, wait a minute or two for it to time out and then
>>> restart the network.
>>>
>>> Anybody have any idea what the heck this is? Is Yahoo up to something?
>>>
>>> Some new security issue that I haven't heard of?
>>>
>> I think it's normal.
>>
>> The first address is one of their pool of messaging servers and the
>> second is a web server, probably like you said for retrieving
>> additional info. The sending of data could be the http request, or
>> updating your status/picture/whatever kopete may be doing. You could
>> try blocking it and see what breaks. :)
>>
> Dale,
>
> It could also be a weather map, or any number of widgets that get data from
> the intartubes.
>
> netstat with -p can help track down the app that has the connection open
>
>

OK. It finally started doing it again. Here is the short version of
netstat -p. It looks like kopete but what in the heck is it sending and
receiving?

root@smoker / # netstat -p
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address
State PID/Program name
tcp 0 0 192.168.1.2:43577 rdis.msg.vip.sp1.y:http
TIME_WAIT -
tcp 0 0 192.168.1.2:43438 rdis.msg.vip.sp1.y:http
TIME_WAIT -
tcp 0 0 192.168.1.2:52423 cs204p1.msg.sp1.ya:5050
ESTABLISHED 9968/kopete
tcp 0 0 192.168.1.2:43490 rdis.msg.vip.sp1.y:http
TIME_WAIT -
tcp 0 1 192.168.1.2:43586 rdis.msg.vip.sp1.y:http
SYN_SENT 18971/kopeteFc9968.
tcp 0 0 localhost:60971 localhost:nut
ESTABLISHED 9578/upsmon
tcp 1 1 192.168.1.2:43584 rdis.msg.vip.sp1.y:http
CLOSING -
tcp 0 0 192.168.1.2:43558 rdis.msg.vip.sp1.y:http
TIME_WAIT -
tcp 0 0 192.168.1.2:48301 cs201p1.msg.sp1.ya:5050
ESTABLISHED 9968/kopete
tcp 0 0 192.168.1.2:43523 rdis.msg.vip.sp1.y:http
TIME_WAIT -
tcp 0 0 localhost:nut localhost:60971
ESTABLISHED 9640/upsd
tcp 0 0 192.168.1.2:42517 cs215p2.msg.ac4.ya:5050
ESTABLISHED 9968/kopete
tcp 0 0 192.168.1.2:43462 rdis.msg.vip.sp1.y:http
TIME_WAIT -
tcp 0 0 192.168.1.2:43516 rdis.msg.vip.sp1.y:http
TIME_WAIT -
tcp 0 0 192.168.1.2:43479 rdis.msg.vip.sp1.y:http
TIME_WAIT -
tcp 0 0 192.168.1.2:43405 rdis.msg.vip.sp1.y:http
TIME_WAIT -
tcp 0 0 192.168.1.2:43483 rdis.msg.vip.sp1.y:http
TIME_WAIT -
tcp 0 0 192.168.1.2:43563 rdis.msg.vip.sp1.y:http
TIME_WAIT -
tcp 0 0 192.168.1.2:43487 rdis.msg.vip.sp1.y:http
TIME_WAIT -
tcp 0 0 192.168.1.2:43483 rdis.msg.vip.sp1.y:http
TIME_WAIT -
tcp 0 0 192.168.1.2:43563 rdis.msg.vip.sp1.y:http
TIME_WAIT -
tcp 0 0 192.168.1.2:43487 rdis.msg.vip.sp1.y:http
TIME_WAIT -

One other question, if this is kopete, how does it keep
sending/receiving after I have closed the kopete app?

This is weird. Kopete and Yahoo have not done this before.

Dale

:-) :-)
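
Added example, not part of the original message or of any poster's reply: a small Python parser for `netstat -p` output in the wrapped two-line layout quoted in the message, counting TCP sockets per program, remote endpoint and state. The sample text, its addresses and host names, and the `helper` program name are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the wrapped layout of the output quoted above: the
# mail client pushed "State PID/Program name" onto a second line per socket.
SAMPLE = """\
Proto Recv-Q Send-Q Local Address Foreign Address
State PID/Program name
tcp 0 0 192.0.2.10:43577 web.example:http
TIME_WAIT -
tcp 0 0 192.0.2.10:52423 im1.example:5050
ESTABLISHED 9968/kopete
tcp 0 1 192.0.2.10:43586 web.example:http
SYN_SENT 18971/helper
tcp 0 0 192.0.2.10:43438 web.example:http
TIME_WAIT -
"""

# proto, Recv-Q, Send-Q, local, remote, then optionally state and PID/program
SOCK = re.compile(r"^(tcp6?)\s+(\d+)\s+(\d+)\s+(\S+)\s+(\S+)(?:\s+(\S+)\s+(\S.*))?$")

def parse_netstat(text):
    """Return one dict per TCP socket, rejoining records wrapped onto two lines."""
    records, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        if pending is not None and not SOCK.match(line):
            line = pending + " " + line      # second half: "STATE PID/Program"
        pending = None
        m = SOCK.match(line)
        if not m:
            continue                         # headers, unrecognised lines
        if m.group(6) is None:               # state/owner is on the next line
            pending = line
            continue
        _, _, _, local, remote, state, owner = m.groups()
        pid, _, prog = owner.partition("/")  # netstat prints "-" for no owner
        records.append({"local": local, "remote": remote, "state": state,
                        "pid": int(pid) if pid.isdigit() else None,
                        "program": prog.strip() or None})
    return records

def by_owner(records):
    """Count sockets per (program, remote endpoint, state)."""
    return Counter((r["program"] or "-", r["remote"], r["state"]) for r in records)

if __name__ == "__main__":
    for (prog, remote, state), n in by_owner(parse_netstat(SAMPLE)).most_common():
        print(f"{n:3d}  {prog:<10} {remote:<20} {state}")
```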
