Bad DNS Query for Date & Time
Duncan
1i5t5.duncan at cox.net
Thu Sep 1 19:03:25 BST 2011
Michael D. Berger posted on Thu, 01 Sep 2011 14:01:20 +0000 as excerpted:
> Now I ran netstat as you suggested. There is plenty there that makes me
> nervous, for example:
> /var/run/dbus/system-bus-socket /tmp/ksocket-root/kdeinit4__0
> and much more. I would not be surprised if some internal socket were
> internally confused with eth0. netstat has numerous options,
> and I would be happy to receive suggestions on their use to get better
> information.

I'm only taking a quick look at this now before I head in to work, but
here's a quick rundown of the ones I find quite useful. -l for listening
ports, -4 for IPv4 (and -6 for IPv6 if you run it, I don't), -p to print
the associated program, and -v for verbose, are quite useful.

It's also worth noting that by default it'll list UNIX sockets too, which
should be local-only AFAIK (sort of like loopback), and that you should
have two dbus sockets, system (root) and session (user). Here, both of
them are UNIX sockets and have multiple programs subscribed (in client
mode, only one can be server/listen).

> I agree that something looks "seriously screwed", I most certainly will
> post whatever solution I find. (I note that I could punt and use
> iptables -j QUEUE (as I do for other purposes) to parse and block the
> bad DNS, but I hope for a better solution.)

Yeah, I use IPTables for various things here, too, but in general leave
outgoing open, only blocking selected incoming. This would obviously
involve blocking selected outgoing.

I might try setting it to log a bit of the activity, tho, rather than
block, at least immediately.

--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
___________________________________________________
This message is from the kde mailing list.
Account management: https://mail.kde.org/mailman/listinfo/kde.
Archives: http://lists.kde.org/.
More info: http://www.kde.org/faq.html.
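
An added example, not part of the original message or thread: a small filter that reads `netstat -l -p -n` output and separates the local-only UNIX sockets from the TCP/UDP listeners bound to a non-loopback address, which are the ones worth a closer look. The sample output is constructed (only the two socket paths come from the thread), and the function names and the use of `-n` (numeric addresses) are choices made for this example.

```shell
#!/bin/sh
# Constructed sample of `netstat -l -p -n` output; PIDs, ports and
# program names are made up, the two UNIX socket paths are from the thread.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1201/cupsd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      998/sshd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           1432/dhclient
udp        0      0 127.0.0.1:53            0.0.0.0:*                           1104/dnsmasq
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node   PID/Program name     Path
unix  2      [ ACC ]     STREAM     LISTENING     8123     870/dbus-daemon      /var/run/dbus/system-bus-socket
unix  2      [ ACC ]     STREAM     LISTENING     9541     2210/kdeinit4        /tmp/ksocket-root/kdeinit4__0
EOF
}

# Print "proto local-address pid/program" for every TCP/UDP listener
# that is NOT bound to loopback (127.x.x.x or ::1).
# UDP rows have an empty State column, so the program is taken as the
# last field; program names containing spaces are not handled.
inet_exposed() {
    awk '$1 ~ /^(tcp|udp)6?$/ {
        addr = $4
        if (addr ~ /^127\./ || addr ~ /^::1:/) next
        print $1, addr, $NF
    }'
}

# Count UNIX domain listeners; these are filesystem sockets and are not
# reachable over eth0.
unix_listeners() {
    awk '$1 == "unix" { n++ } END { print n + 0 }'
}

echo "Listeners reachable from the network:"
sample_netstat | inet_exposed
echo "Local-only UNIX listeners: $(sample_netstat | unix_listeners)"
```

On a live system, pipe `netstat -l -p -n` (as root, so `-p` can name every program) into `inet_exposed` in place of the sample.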