Bad DNS Query for Date & Time

Michael D. Berger m_d_berger_1900 at yahoo.com
Thu Sep 1 19:22:48 BST 2011


On Thu, 01 Sep 2011 18:03:25 +0000, Duncan wrote:

> Michael D. Berger posted on Thu, 01 Sep 2011 14:01:20 +0000 as
> excerpted:
> 
>> Now I ran netstat as you suggested.  There is plenty there that makes
>> me nervous, for example:
>>    /var/run/dbus/system-bus-socket /tmp/ksocket-root/kdeinit4__0
>> and much more.  I would not be surprised if some internal socket were
>> internally confused with eth0.  netstat has numerous options, and I
>> would be happy to receive suggestions on their use to get better
>> information.
> 
> I'm only taking a quick look at this now before I head in to work, but
> here's a quick rundown of the ones I find quite useful.  -l for
> listening ports, -4 for IPv4 (and -6 for IPv6 if you run it, I don't),
> -p to print the associated program, and -v for verbose, are quite
> useful.
> 
> It's also worth noting that by default it'll list UNIX sockets too,
> which should be local-only AFAIK (sort of like loopback), and that you
> should have two dbus sockets, system (root) and session (user).  Here,
> both of them are UNIX sockets and have multiple programs subscribed (in
> client mode, only one can be server/listen).
> 
>> I agree that something looks "seriously screwed"; I most certainly will
>> post whatever solution I find.  (I note that I could punt and use
>> iptables -j QUEUE (as I do for other purposes) to parse and block the
>> bad DNS, but I hope for a better solution.)
> 
> 
> Yeah, I use IPTables for various things here, too, but in general leave
> outgoing open, only blocking selected incoming.  This would obviously
> involve blocking selected outgoing.
> 
> I might try setting it to log a bit of the activity, tho, rather than
> block, at least immediately.

I routinely block outgoing as well as incoming on two systems,
except for things whose purpose I know. I do log things I block.

Mike.

___________________________________________________
This message is from the kde mailing list.
Account management:  https://mail.kde.org/mailman/listinfo/kde.
Archives: http://lists.kde.org/.
More info: http://www.kde.org/faq.html.
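
One way to act on the "log rather than block" suggestion quoted above, as an added example that is not part of the original message: log outgoing DNS with an iptables LOG rule, then tally the logged packets by interface, destination and owning UID. The rule shown in the comment, the "DNS-OUT: " prefix, and the sample log lines are assumptions constructed for this example.

```python
import re
from collections import Counter

# Assumed rule (run as root) that would produce lines like the samples below:
#   iptables -A OUTPUT -p udp --dport 53 -j LOG --log-prefix "DNS-OUT: " --log-uid
PREFIX = "DNS-OUT: "  # hypothetical prefix chosen for this example

# Constructed sample kernel log lines, not taken from the thread.
SAMPLE_LOG = """\
Sep  1 19:20:01 box kernel: DNS-OUT: IN= OUT=eth0 SRC=192.168.1.10 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4211 DF PROTO=UDP SPT=40112 DPT=53 LEN=40 UID=1000 GID=1000
Sep  1 19:20:02 box kernel: DNS-OUT: IN= OUT=eth0 SRC=192.168.1.10 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4212 DF PROTO=UDP SPT=40113 DPT=53 LEN=40 UID=1000 GID=1000
Sep  1 19:20:05 box kernel: usb 1-1: new high-speed USB device number 4
Sep  1 19:20:09 box kernel: DNS-OUT: IN= OUT=eth0 SRC=192.168.1.10 DST=192.168.1.1 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=977 DF PROTO=UDP SPT=51820 DPT=53 LEN=51 UID=0 GID=0
"""

FIELD = re.compile(r"(\w+)=(\S*)")  # "IN=" with an empty value also matches


def parse_line(line):
    """Return the key=value fields of one LOG line, or None if it is not ours."""
    _, sep, rest = line.partition(PREFIX)
    if not sep:
        return None
    fields = {}
    for key, value in FIELD.findall(rest):
        fields.setdefault(key, value)  # LEN occurs twice; keep the IP-level one
    return fields


def summarize(log_text):
    """Count logged DNS packets per (out interface, destination, uid)."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields is None or fields.get("DPT") != "53":
            continue
        key = (fields.get("OUT", ""), fields.get("DST", ""), fields.get("UID", "?"))
        counts[key] += 1
    return counts


if __name__ == "__main__":
    for (iface, dst, uid), n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:3d}  out={iface}  dst={dst}  uid={uid}")
```

The UID column narrows down which account is generating the queries, which complements the per-program view from netstat -p.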



