cable modem activity

Kevin Cozens kcozens-qazKcTl6WRFWk0Htik3J/w at public.gmane.org
Fri Apr 23 18:45:08 UTC 2004


Greetings, Charly.

At 10:18 AM 04/22/2004, you wrote:
>I downloaded treeps-1.2-2.i386.rpm.md5sum.  Do I use
>rpm -Uvh treeps-1.2-2.i386.rpm.md5sum  to install it?

The file you want to download and install should normally end in .rpm only 
and not .md5sum. The file ending in .md5sum is probably the smaller file 
and is just the file you would use to ensure that the installable file was 
downloaded properly.

Several years ago I ran across a similar situation of an unexpectedly high 
level of network activity on a Silicon Graphics computer. 'ps' didn't tell 
me anything useful. It was netstat that was more helpful in determining that 
an external company was running a search engine that wasn't limiting the 
rate at which it was accessing the web pages on the machine. I dealt with 
it by adding a route for their IP address to a non-existent IP address in 
the local network and reported the problem to the other company.

There was no need for you to reboot the machine. Since you indicated your 
computer wasn't doing anything that needed the cable modem at the time, you 
could have temporarily shut down the network support (i.e. /sbin/service 
network stop).

Anyone with access to the net (especially via cable modem or DSL and even 
if only a dial-up modem) should use some form of firewall. The part of the 
portscan of your machine that was reported in another message indicated 
that you have open ports for LDAP, some unspecified service on 
port 1002, and a SQL database on port 1720. Unless you need to make these 
ports accessible to people outside your local network, you should do 
something to limit access to these ports.

One simple solution is to use a script like monmotha. You set a few 
variables in the first part of the script specifying what should and should 
not be accessible to the local network and to the Internet, and the rest of 
the script uses iptables commands to build the rules to protect your machine.


Cheers!

Kevin.  (http://www.interlog.com/~kcozens/)

Owner of Elecraft K2 #2172        |"What are we going to do today, Borg?"
E-mail:kcozens at interlog dot com|"Same thing we always do, Pinkutus:
Packet:ve3syb-XXPEJ3/fxIc at public.gmane.org#con.on.ca.na|  Try to assimilate the world!"
#include <disclaimer/favourite>   |              -Pinkutus & the Borg

--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml
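
The netstat check described in the message above, as an added example that is not part of the original post: it tallies TCP connections per remote host so that a single heavy client stands out. The function names and the sample addresses (documentation ranges) are constructed for illustration.

```shell
#!/bin/sh
# Tally connections per remote host from `netstat -tn` style output
# and print "count address" lines, busiest first.
top_talkers() {
    # Reads netstat output on stdin. Field 5 is the foreign address (ip:port).
    awk '$1 ~ /^tcp/ {
             addr = $5
             sub(/:[0-9]+$/, "", addr)   # strip the remote port
             count[addr]++
         }
         END { for (a in count) print count[a], a }' |
        sort -k1,1nr -k2,2
}

# Constructed sample input, standing in for the output of: netstat -tn
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 192.0.2.10:80           198.51.100.7:40112      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:40113      ESTABLISHED
tcp        0      0 192.0.2.10:80           198.51.100.7:40115      TIME_WAIT
tcp        0      0 192.0.2.10:80           198.51.100.7:40120      ESTABLISHED
tcp        0      0 192.0.2.10:22           203.0.113.25:51515      ESTABLISHED
tcp        0      0 192.0.2.10:80           203.0.113.99:33001      TIME_WAIT
EOF
}

# Stand-alone run on the sample; on a live machine: netstat -tn | top_talkers
sample_netstat | top_talkers
```

A host that dominates the tally is the one to look at for rate limiting, a firewall rule, or a report to its operator.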




