Berkeley CSUA MOTD:Entry 36144

2005/2/11-14 [Computer/HW/Laptop] UID:36144 Activity:kinda low
2/11    Any idea why my debian laptop would have this traffic? I'm on a
        wireless network in my house, connected to the internet via
        comcast. My laptop's iptables firewall is blocking all
        inbound ports.
        14:18:55.194060 10.0.0.101.2622 > fatboy.paqnet.com.www
        \_ spyware, most likely
           \_ spyware on my laptop? shit.
           \_ crap. okay where do I start looking into this?
            \_ Spyware on debian?  I doubt it.  But I'd start by looking
               at full tcpdump output.  You can see what http requests
               are being sent and that will probably give you a better idea
               what is going on.
                \_ I use Opera 7.54 and there are a couple security
                   updates that I missed. Perhaps I visited a malicious
                   website.  I want to figure out what is really going on.
                   \_ If you are this paranoid and don't know how to see
                      the contents of the packets and what program has the
                      socket open, well, you sir, are a moron.
                        \_ the socket was changing with each run.
                           Thanks for the insult. That really helps.
                                \_ Don't mind him. He probably had no idea
                                   himself. Not everyone can deal well with
                                   their shortcomings.
        \_ Your computer is trying to connect to paqnet for something, but
           it could just as easily be some kind of automatic update feature
           as spyware. More likely the former, I think. paqnet is some kind
           of distribution site for various kinds of software. See:
           http://www.paqnet.cz
           Did you install power quality monitoring software on your
           laptop???
           \_ No, I haven't installed that sort of software. It also looks
              like http://paqnet.com is an ISP. They've probably got bad users.
              \_ Port 2622 is registered for MetricaDBC. I don't know
                 what that is, but maybe you do. Did you install anything
                 like that?
                 \_ Nope. It looks like some of the http://paqnet.com users
                    are off-roaders. I wonder if they are good guys.
                    Maybe they would send me parts of http logfiles.
                    \_ Hmm, doesn't look so good to me. I don't know
                       of any rootkits that use 2622 to communicate,
                       but you might want to start considering that
                       you could have been hacked.
                       \_ 2622 is the source port.  Has little or nothing to
                          do with what might be making this connection.  You
                          may want to run netstat -pa to see if you can track
                          down the process making such connections.  They're
                          probably brief, though, so you won't get much.  How
                          often are these connections happening? --scotsman
                          \_ I saw about 3 of them in 10 minutes or so,
                             but stupid me, I shut down my laptop to
                             make an image of the disk, but when I turned it
                             back on, I don't see any more of the traffic.
                             \_ Someone may have rootkitted you and run a
                                proxy daemon, but not put it into startup
                                files.  Look for core files.  Look for things
                                like oddly recent timestamps on ls, netstat,
                                ps, etc.
                                \_ Thanks. I've left my laptop on for a couple
                                   days, and now after visiting http://cnn.com this
                                   afternoon, I'm seeing similar traffic
                                   again! Perhaps it is an Opera bug.  At
                                   least now I can start figuring it out.
                                   Thanks for all your help.
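
Added example, not part of the thread or written by any poster: the netstat -pa suggestion above misses connections that last only a moment, so this Python script polls /proc/net/tcp on Linux and maps each outbound socket to the process that owns it. The sample table, the 192.0.2.80 address and all function names are constructed for illustration.

```python
import os
import socket
import struct
import time

# Constructed sample (not the poster's data): 10.0.0.101:2622 -> 192.0.2.80:80.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1 0000000000000000 100 0 0 10 0
   1: 6500000A:0A3E 500200C0:0050 01 00000000:00000000 00:00000000 00000000  1000        0 48213 1 0000000000000000 20 4 30 10 -1
"""

def decode(hexpair):
    """'6500000A:0A3E' -> ('10.0.0.101', 2622); little-endian (x86) layout."""
    addr, port = hexpair.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(addr, 16))), int(port, 16)

def outbound(text):
    """Return (local, remote, inode) for each non-listening IPv4 TCP socket."""
    fields = (line.split() for line in text.splitlines()[1:])
    return [(decode(f[1]), decode(f[2]), int(f[9]))
            for f in fields if len(f) >= 10 and f[3] != "0A"]  # 0A = LISTEN

def owner(inode):
    """Return (pid, cmdline) of the process holding this socket inode, or None."""
    target = "socket:[%d]" % inode
    for pid in filter(str.isdigit, os.listdir("/proc")):
        try:
            links = [os.readlink("/proc/%s/fd/%s" % (pid, fd))
                     for fd in os.listdir("/proc/%s/fd" % pid)]
            if target in links:
                with open("/proc/%s/cmdline" % pid, "rb") as fh:
                    return int(pid), fh.read().replace(b"\0", b" ").decode(errors="replace").strip()
        except OSError:  # process already exited, or not permitted to look
            continue
    return None

def watch(dport=80, interval=0.2):  # run as root to see other users' PIDs
    seen = set()
    while True:
        with open("/proc/net/tcp") as fh:
            for local, remote, inode in outbound(fh.read()):
                if remote[1] == dport and inode and (local, remote) not in seen:
                    seen.add((local, remote))
                    print(local, "->", remote, owner(inode))
        time.sleep(interval)

if __name__ == "__main__":
    watch()
```

The local port printed for each hit is the ephemeral source port, which is why it changes on every run; the remote port and the owning command line are the fields that identify what is making the connection.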