[sf-lug] followup on my "interlopers" posting

Alex Kleider a_kleider at yahoo.com
Wed Jul 18 21:56:01 PDT 2007


I discovered that "linux" is NOT the kernel and was able to dump my
interlopers by issuing a kill command for each instance of the linux
program:
# kill -9 18509
# kill -9 9870
I have sent a polite email to one of the entities suggesting that we
could cooperate to prevent such a connection in the future.
I am still completely baffled as to what those connections really
represented and the mechanism by which they were established.
Does anyone know what the "linux" process is? 
Nothing came of issuing 
# type linux
Last time I got rid of these guys by rebooting but they started to
reappear after a few days so I suspect they'll be back again. I can get
rid of them as they appear now that I've learned about the ability to
kill the linux process(es) but what I'd really like is to learn what's
happening and how I can prevent the connection.
alex
 
--- sf-lug-request at linuxmafia.com wrote:

> Today's Topics:
> 
>    1. Re: next config at Hayes Valley Community Center (Romel Jacinto)
>    2. Re: next config at Hayes Valley Community Center (jim stockford)
>    3. internet interlopers (Alex Kleider)
>    4. Re: Linux World (Jason Turner)
>    5. Re: next config at Hayes Valley Community Center (Andy Grimm)
>    6. Re: internet interlopers (Rick Moen)
>    7. Re: next config at Hayes Valley Community Center (Jason Turner)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Wed, 18 Jul 2007 13:48:17 -0700 (Pacific Daylight Time)
> From: Romel Jacinto <penguin at techbandit.com>
> Subject: Re: [sf-lug] next config at Hayes Valley Community Center
> To: SFLUG Mailing List <sf-lug at linuxmafia.com>
> Message-ID: <Pine.WNT.4.64.0707181346250.2260 at SCID10388>
> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
> 
> On Tue, 17 Jul 2007, Jason Turner wrote:
> 
> > We're meeting this Wednesday, 7/18 5:30p (310 Haight St. at Buchanan)
> >
> > to tackle the setup and config of at least one Dell PE 2300 with the
> > Edubuntu LTSP server edition.
> 
> I was hoping to make it to tonight's event but some after-hours 
> systems maintenance has come up.
> 
> Good luck with the setup.
> 
> --
> Romel
> 
> 
> 
> ------------------------------
> 
> Message: 2
> Date: Wed, 18 Jul 2007 14:12:10 -0700
> From: jim stockford <jim at well.com>
> Subject: Re: [sf-lug] next config at Hayes Valley Community Center
> To: Jason Turner <jturner at nonzerosums.org>
> Cc: SFLUG Mailing List <sf-lug at linuxmafia.com>
> Message-ID: <631a3bf21cf627cca7b518ebeb63b31c at well.com>
> Content-Type: text/plain; charset=US-ASCII; delsp=yes; format=flowed
> 
> 
> i recommend the following storage setup:
> 
> six SCSI disks are divided into three pairs.
> first of each pair contains the goods, second
> of the pair is a RAID 1 copy.
> 
> first pair is boot and OS stuff.
> the second pair is data
> the third pair is backup for the second pair
> 
> First pair partitions should be something like
> MBR
> /boot/
> /
> swap
> /var/
> /var/log/
> /var/www/
> swap
> /usr/
> /usr/local/
> 
> 
> 
> 
> On Jul 17, 2007, at 12:18 PM, Jason Turner wrote:
> 
> > We're meeting this Wednesday, 7/18 5:30p (310 Haight St. at Buchanan)
> >
> > to tackle the setup and config of at least one Dell PE 2300 with the
> > Edubuntu LTSP server edition.  As mentioned to a couple of you at the
> > LuG mtg last night, we'd like to get this server in place with some sort
> > of RAID setup since Johan was generous enough to give us plenty of hot
> > swappable disks along with the servers.  The SCSI controller with
> > hardware supported RAID gave us a bit of pause though so anyone with
> > experience is especially encouraged to join us and lend your expertise.
> > Regardless, all who show up tomorrow hope to have a working server at
> > the end of the evening and a successfully booting client.
> >
> > --
> > jt
> >
> >
> > John F. Strazzarino wrote:
> >> Wow, Congrats to Tom and JT for a job well done at the Hayes Valley
> >> Community Center.
> >>
> >>   I learned a lot just by reading the wiki!
> >>
> >> John
> 
> 
> 
> 
> ------------------------------
> 
> Message: 3
> Date: Mon, 16 Jul 2007 21:08:47 -0700
> From: Alex Kleider <alex at kleico.net>
> Subject: [sf-lug] internet interlopers
> To: sf-lug at linuxmafia.com
> Message-ID: <20070717040847.GA15938 at kleico.net>
> Content-Type: text/plain; charset=us-ascii
> 
> first thanks to all who have taken the time to help me in the past:
> most recently Jim Stockford and Michael Paoli.
> 
> I've done some configuring so that in spite of having a dynamically
> allocated IP address, I'm able from any internet connection to ssh to
> my linux box which sits behind a DSL modem and a Linksys Router. The
> problem is that others have established connections and although I
> haven't been aware of any harm being done, clearly these connections
> shouldn't be there. 
> The process on my computer (host name is belmont) that seems to be
> making the connection (port) is called linux so I assume this is the
> kernel itself. If this is true my solution can't be to turn off the
> process!
> Has anyone any ideas what I should do?
> I include the relevant output of the netstat command run with and
> without -np.
> (this is how I discovered the interlopers!)     thanks in advance...
> .......... $ netstat
> Active Internet connections (w/o servers)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State
> tcp        0      0 belmont:1027            irc3.easynews.com:6665  ESTABLISHED
> tcp        0      0 belmont:3377            irc3.easynews.com:6665  ESTABLISHED
> tcp        0      0 belmont:3725            yui.desync.com:ircd     ESTABLISHED
> tcp        0      1 belmont:2533            64.161.255.201:6668     SYN_SENT
> tcp        0      0 belmont:4609            irc3.easynews.com:6665  ESTABLISHED
> tcp        0      0 belmont:2871            yui.desync.com:ircd     ESTABLISHED
> 
> ...... # netstat -pn 
> Active Internet connections (w/o servers)
> Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
> tcp        0      0 192.168.1.152:1027      69.16.172.40:6665       ESTABLISHED 9870/linux
> tcp        0      1 192.168.1.152:2376      194.109.20.90:6667      SYN_SENT    9870/linux
> tcp        0      0 192.168.1.152:3377      69.16.172.40:6665       ESTABLISHED 18509/linux
> tcp        0      0 192.168.1.152:3725      64.157.15.117:6667      ESTABLISHED 9870/linux
> tcp        0      0 192.168.1.152:4609      69.16.172.40:6665       ESTABLISHED 18509/linux
> tcp        0      0 192.168.1.152:2871      64.157.15.117:6667      ESTABLISHED 18509/linux
> 
> 
> 
> 
> ------------------------------
> 
> Message: 4
> Date: Tue, 17 Jul 2007 12:32:40 -0700
> From: Jason Turner <jturner at nonzerosums.com>
> Subject: Re: [sf-lug] Linux World
> To: Rick Moen <rick at linuxmafia.com>
> Cc: sf-lug at linuxmafia.com
> Message-ID: <469D1958.40008 at nonzerosums.com>
> Content-Type: text/plain; charset=ISO-8859-1
> 
> Rick Moen wrote:
> > Quoting Jason Turner (jturner at nonzerosums.org):
> > 
> >> JT - available all day long Aug 8th
> >>
> >> I'll ponder some verbiage for an SF-LUG flyer but trust others will
> >> have better suggestions.  Look forward to seeing the slots scheduled.
> > 
> > This extremely modest example for CABAL may or may not be useful as a
> > model:  http://linuxmafia.com/pub/linux/cabal/cabal-flyer.sxw
> > 
> > (If it is, please feel welcome to steal at will.)
> > 
> 
> Short, sweet, easy to read.  A fine example.  With Rick's permission I
> *would* pretty much copy it, subbing the Cabal logo for SF-LUG's
> "LinuxKong" and obviously tweaking the location and invitation language.
> 
> JimS, CarolB, JohnL, Other? -- can any of you do the layout and
> graphic(s)?  I always run from such things..
> 
> 
> --
> jt
> 
> 
> 
> 
> 
> 
> ------------------------------
> 
> Message: 5
> Date: Wed, 18 Jul 2007 16:54:13 -0700
> From: "Andy Grimm" <agrimm at gmail.com>
> Subject: Re: [sf-lug] next config at Hayes Valley Community Center
> To: "SFLUG Mailing List" <sf-lug at linuxmafia.com>
> Message-ID:
> 	<6d4878ee0707181654v2be80bcas659c89dad8bfbb0e at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> I can drop by if you guys want.  I've dealt with Dell HW RAID in a past
> life.
> 
> Are you planning to use LVM on this?  If you're going to deal with that
> number of different filesystems, I would highly recommend
> using LVM, sizing conservatively, and leaving space in the physical volume
> that you can later use to extend whichever filesystem needs it first.  I'd
> be happy to lead you through the config for that...
> 
> --Andy
> ------------------------------
> 
> Message: 6
> Date: Wed, 18 Jul 2007 17:02:53 -0700
> From: Rick Moen <rick at linuxmafia.com>
> Subject: Re: [sf-lug] internet interlopers
> To: sf-lug at linuxmafia.com
> Message-ID: <20070719000253.GY25255 at linuxmafia.com>
> Content-Type: text/plain; charset=us-ascii
> 
> Quoting Alex Kleider (alex at kleico.net):
> 
> > Has anyone any ideas what I should do?
> 
> Yes.  My recommendation:  Use only well-chosen SSH tokens, don't take
> chances with them, don't use them on multiple sites, and cease obsessing
> over meaningless doorknob-twisting.
> 
> If people have _persistent_ inbound SSH connections to your box that you
> don't want them to, then that's a real problem.
> 
> -- 
> Your font is:      Proportional  Monospaced
>                                       ^
> Matt McIrvin's amazing Font-o-Meter!  
> 
> 
> 
> ------------------------------
> 
> Message: 7
> Date: Wed, 18 Jul 2007 17:13:35 -0700
> From: Jason Turner <jturner at nonzerosums.org>
> Subject: Re: [sf-lug] next config at Hayes Valley Community Center
> To: Andy Grimm <agrimm at gmail.com>
> Cc: SFLUG Mailing List <sf-lug at linuxmafia.com>
> Message-ID: <469EACAF.7080104 at nonzerosums.org>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
> 
> I'm getting ready to head over now.  Of course your presence would be
> appreciated!
> Jim's suggestion hasn't been discussed beyond the contents of his 
> message so there are still plenty of "details" to be sorted.
> 
> --
> jt
> ------------------------------
> 
> _______________________________________________
> sf-lug mailing list
> sf-lug at linuxmafia.com
> http://linuxmafia.com/mailman/listinfo/sf-lug
> 
> 
> End of sf-lug Digest, Vol 20, Issue 20
> **************************************
> 


alex at kleider.net
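
An added triage example (not part of the original post or of any reply on the list): a shell sketch that reads `netstat -pn` rows, lists the processes holding connections to the IRC ports seen in the quoted output, and shows where /proc records the binary behind a PID. The function names `irc_owners` and `describe_pid`, the port range 6660-6669/7000, and the sshd sample row are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Sample rows: the post's `netstat -pn`
# lines (columns re-separated) plus one constructed sshd row for contrast.
SAMPLE='tcp 0 0 192.168.1.152:1027 69.16.172.40:6665 ESTABLISHED 9870/linux
tcp 0 1 192.168.1.152:2376 194.109.20.90:6667 SYN_SENT 9870/linux
tcp 0 0 192.168.1.152:3377 69.16.172.40:6665 ESTABLISHED 18509/linux
tcp 0 0 192.168.1.152:3725 64.157.15.117:6667 ESTABLISHED 9870/linux
tcp 0 0 192.168.1.152:4609 69.16.172.40:6665 ESTABLISHED 18509/linux
tcp 0 0 192.168.1.152:2871 64.157.15.117:6667 ESTABLISHED 18509/linux
tcp 0 0 192.168.1.152:22 192.0.2.10:51515 ESTABLISHED 1234/sshd'

# irc_owners: read `netstat -pn` rows on stdin and print "PID NAME COUNT"
# for each process with TCP connections to a foreign port in 6660-6669 or
# 7000 (the IRC range assumed for this example).
irc_owners() {
    awk '
        $1 ~ /^tcp/ && $7 ~ /^[0-9]+\// {
            n = split($5, part, ":")      # last piece is the foreign port
            port = part[n] + 0
            if ((port >= 6660 && port <= 6669) || port == 7000)
                count[$7]++
        }
        END {
            for (key in count) {
                slash = index(key, "/")
                print substr(key, 1, slash - 1), substr(key, slash + 1), count[key]
            }
        }' | sort -n
}

# describe_pid: show what /proc records for a PID. The program name a tool
# displays can be set by the process or its launcher; /proc/PID/exe points
# at the file that is actually running.
describe_pid() {
    pid=$1
    [ -d "/proc/$pid" ] || { echo "pid $pid: no such process"; return 1; }
    echo "pid:     $pid"
    echo "exe:     $(readlink "/proc/$pid/exe" 2>/dev/null || echo unreadable)"
    echo "cwd:     $(readlink "/proc/$pid/cwd" 2>/dev/null || echo unreadable)"
    echo "cmdline: $(tr '\0' ' ' 2>/dev/null < "/proc/$pid/cmdline")"
}

# Offline demo on the sample rows. On a live host, as root:
#   netstat -pn | irc_owners | while read -r pid name n; do describe_pid "$pid"; done
printf '%s\n' "$SAMPLE" | irc_owners
```

An `exe` value ending in `(deleted)` means the binary was unlinked from disk after the process started.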

