Bad DNS Query for Date & Time

Duncan 1i5t5.duncan at cox.net
Thu Sep 1 19:03:25 BST 2011 

Michael D. Berger posted on Thu, 01 Sep 2011 14:01:20 +0000 as excerpted:

> Now I ran netstat as you suggested.  There is plenty there that makes me
> nervous, for example:
>    /var/run/dbus/system-bus-socket /tmp/ksocket-root/kdeinit4__0
> and much more.  I would not be surprised if some internal socket were
> internally confused with eth0.  netstat has numerous options,
> and I would be happy to receive suggestions on their use to get better
> information.

I'm only taking a quick look at this now before I head in to work, but 
here's a quick rundown of the ones I find quite useful.  -l for listening 
ports, -4 for IPv4 (and -6 for IPv6 if you run it, I don't), -p to print 
the associated program, and -v for verbose, are quite useful.

It's also worth noting that by default it'll list UNIX sockets too, which 
should be local-only AFAIK (sort of like loopback), and that you should 
have two dbus sockets, system (root) and session (user).  Here, both of 
them are UNIX sockets and have multiple programs subscribed (in client 
mode, only one can be server/listen).

> I agree that something looks "seriously screwed", I most certainly will
> post whatever solution I find.  (I note that I could punt and use
> iptables -j QUEUE (as I do for other purposes) to parse and block the
> bad DNS, but I hope for a better solution.)


Yeah, I use IPTables for various things here, too, but in general leave 
outgoing open, only blocking selected incoming.  This would obviously 
involve blocking selected outgoing.

I might try setting it to log a bit of the activity, tho, rather than 
block, at least immediately.

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman

___________________________________________________
This message is from the kde mailing list.
Account management:  https://mail.kde.org/mailman/listinfo/kde.
Archives: http://lists.kde.org/.
More info: http://www.kde.org/faq.html.

More information about the kde mailing list