The following number of connections was returned by netstat -atupn while Firefox was already closed and killall-ed to show that it really had sucessfully closed itself before (It was open only for short mainly in order to reboot my router.): Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 192.168.100.101:50056 5.196.185.225:80 TIME_WAIT - tcp 0 0 192.168.100.101:35860 92.92.207.51:80 TIME_WAIT - tcp 0 0 192.168.100.101:40912 195.154.59.140:80 TIME_WAIT - tcp 0 0 192.168.100.101:58746 178.63.62.19:80 TIME_WAIT - tcp 0 0 192.168.100.101:40482 52.32.86.111:443 TIME_WAIT - tcp 0 0 192.168.100.101:43256 46.4.37.89:80 TIME_WAIT - udp 0 0 192.168.100.101:59824 193.170.62.252:123 ESTABLISHED 328/ntpd: ntp engin udp 0 0 192.168.100.101:40120 80.64.132.152:123 ESTABLISHED 328/ntpd: ntp engin udp 0 0 0.0.0.0:68 0.0.0.0:* 304/dhcpcd There should not be any unnamed daemon opening up such connections under Arch Linux when netstat -atupn is run as root, right? (At least I have installed none; I already know from previous netstats that Arch is very strict with its default configuration in this regard.) What has made me look was a 100% CPU load indicated by my CPU fan but actually not by the KDE GUI (sorry, forgot to run top and do similar things). The 100% 'fan' load remained after unplugging the cable; as well as the connections shown by netstat. I would believe that it is not an attack by an US-service because usually with similar incidents no such connection list is returned by netstat. Perhaps anyone can be helpful with that? Elmar