Mailinglist Archive: opensuse (3566 mails)
Re: [opensuse] Unexplained Network Traffic
- From: Randall R Schulz <rschulz@xxxxxxxxx>
- Date: Mon, 23 Apr 2007 07:42:42 -0700
- Message-id: <200704230742.42824.rschulz@xxxxxxxxx>
Dylan,
On Monday 23 April 2007 07:26, Dylan wrote:
> Hi All,
>
> Since I logged in this morning I've noticed a constant 5KB/s network
> traffic coming into my machine and a small increase in processor
> activity. This is exactly what I would expect if I was streaming
> radio, as I was last night. It may be significant that I
> inadvertently let the laptop's battery discharge fully last night
> having fallen asleep listening to the radio stream.
When I see that, I usually check /var/log/messages. Typically it's a
barrage of remote break-in attempts directed via ssh. If your system
has secure passwords, you have nothing to worry about--they're just
guessing login name / password combinations in hope of establishing a
foothold on your system.
> Which tools do I need to use to identify what is causing this traffic
> in order to eliminate it (or realise that it's perfectly normal, of
> course!)
If you find this activity onerous, there are scripts that monitor the
pertinent log files and dynamically add firewall rules that block the
originating IP address when they're detected.
> Cheers
>
> Dylan
Randall Schulz
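
An added example, not part of the message above: a sketch of the kind of log-monitoring script the reply mentions, which counts failed ssh password attempts per source address and renders firewall rules for review. It assumes the usual OpenSSH "Failed password" syslog line format; the function names, threshold, window and sample log lines are hypothetical and constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the syslog format sshd writes; documentation-range IPs.
SAMPLE_LOG = """\
Apr 23 07:30:01 laptop sshd[4101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Apr 23 07:30:03 laptop sshd[4103]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Apr 23 07:30:05 laptop sshd[4105]: Invalid user test from 203.0.113.7
Apr 23 07:30:06 laptop sshd[4105]: Failed password for invalid user test from 203.0.113.7 port 40141 ssh2
Apr 23 07:31:10 laptop sshd[4120]: Failed password for dylan from 198.51.100.20 port 51515 ssh2
Apr 23 07:31:25 laptop sshd[4122]: Accepted password for dylan from 198.51.100.20 port 51520 ssh2
Apr 23 09:45:00 laptop sshd[4300]: Failed password for root from 192.0.2.55 port 33001 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+")

def failed_logins(text, year=2007):
    """Yield (timestamp, ip, user) per failed attempt; syslog omits the year."""
    for line in text.splitlines():
        m = FAILED.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["ip"], m["user"]

def offenders(text, threshold=3, window=timedelta(minutes=10), allow=()):
    """Return {ip: sorted usernames tried} for IPs with >= threshold failures in window."""
    times, users = defaultdict(list), defaultdict(set)
    for ts, ip, user in failed_logins(text):
        if ip not in allow:  # never block your own management addresses
            times[ip].append(ts)
            users[ip].add(user)
    hits = {}
    for ip, stamps in times.items():
        stamps.sort()
        # Sliding window: `threshold` consecutive failures close enough together.
        if any(stamps[i + threshold - 1] - stamps[i] <= window
               for i in range(len(stamps) - threshold + 1)):
            hits[ip] = sorted(users[ip])
    return hits

def block_rules(ips):
    """Render (not execute) iptables rules so they can be reviewed first."""
    return [f"iptables -I INPUT -s {ip} -p tcp --dport 22 -j DROP" for ip in sorted(ips)]

if __name__ == "__main__":
    print("\n".join(block_rules(offenders(SAMPLE_LOG))))
```

A single mistyped password from a legitimate user (198.51.100.20 in the sample) stays below the threshold, and the allow list keeps known-good addresses from ever being blocked.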