View previous topic :: View next topic |
Author |
Message |
Wallsandfences Guru
Joined: 29 Mar 2010 Posts: 378
|
Posted: Sun Dec 03, 2017 2:30 pm Post subject: security breach? [solved] |
|
|
Hi,
An hour ago I started my box. I'm running the profile change induced updates at the moment.
My hardware monitor shows, that my box uploaded 500MB at a more or less constant rate of 180Kib/sec during this hour.
I have no uploads running. So I think something strange is going on. How would you proceed from here?
R.
Last edited by Wallsandfences on Sun Dec 03, 2017 5:31 pm; edited 1 time in total |
|
Back to top |
|
|
roboto Apprentice
Joined: 15 Feb 2017 Posts: 156 Location: My IP address.
|
Posted: Sun Dec 03, 2017 3:36 pm Post subject: |
|
|
What network service are you using?
I've had experience with DHCP constantly sending packets to 127.0.0.1.
If you have wireshark installed, then you can see where your packets are going. If they're going to 127.0.0.1, then you're fine. If they're going to a different and unfamiliar IP address, then something's up. _________________ Answers please.
The true hater of man expects nothing from him and is indiscriminate to his works.
-Ayn Rand
Quote: | Dude. Minus 30 credibility points. |
Yep |
|
Back to top |
|
|
Wallsandfences Guru
Joined: 29 Mar 2010 Posts: 378
|
Posted: Sun Dec 03, 2017 5:17 pm Post subject: |
|
|
I use NetworkManager
Great tip re wireshark, it shows that the traffic goes to 224.0.0.56
I recall that‘s reserved, so not sure what that tells me... |
|
Back to top |
|
|
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54237 Location: 56N 3W
|
Posted: Sun Dec 03, 2017 5:24 pm Post subject: |
|
|
Wallsandfences,
That's 224.0.0.37-224.0.0.68 zeroconfaddr according to iana
Your box is multicasting something. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
Back to top |
|
|
Wallsandfences Guru
Joined: 29 Mar 2010 Posts: 378
|
Posted: Sun Dec 03, 2017 5:30 pm Post subject: |
|
|
Ok found it: multicast/rtp was active in pulseaudio. Switching it off solved the issue |
|
Back to top |
|
|
Ant P. Watchman
Joined: 18 Apr 2009 Posts: 6920
|
Posted: Sun Dec 03, 2017 5:30 pm Post subject: |
|
|
(edit: too slow, but might be useful for someone else)
Run lsof -ni (as root) and it should show what program's sending to that IP. |
|
Back to top |
|
|
Wallsandfences Guru
Joined: 29 Mar 2010 Posts: 378
|
Posted: Sun Dec 03, 2017 7:31 pm Post subject: |
|
|
Ant P., your reply is still helpful, thanks!
R.
the other posters, thanks as well! |
|
Back to top |
|
|
|