[arch-security] strange netstat connections after having opened Firefox
Elmar Stellnberger
estellnb at elstel.org
Fri Dec 4 18:49:29 UTC 2015
The following number of connections was returned by netstat -atupn while
Firefox was already closed and killall-ed to show that it really had
sucessfully closed itself before (It was open only for short mainly in
order to reboot my router.):
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address
State PID/Program name
tcp 0 0 192.168.100.101:50056 5.196.185.225:80
TIME_WAIT -
tcp 0 0 192.168.100.101:35860 92.92.207.51:80
TIME_WAIT -
tcp 0 0 192.168.100.101:40912 195.154.59.140:80
TIME_WAIT -
tcp 0 0 192.168.100.101:58746 178.63.62.19:80
TIME_WAIT -
tcp 0 0 192.168.100.101:40482 52.32.86.111:443
TIME_WAIT -
tcp 0 0 192.168.100.101:43256 46.4.37.89:80
TIME_WAIT -
udp 0 0 192.168.100.101:59824 193.170.62.252:123
ESTABLISHED 328/ntpd: ntp engin
udp 0 0 192.168.100.101:40120 80.64.132.152:123
ESTABLISHED 328/ntpd: ntp engin
udp 0 0 0.0.0.0:68 0.0.0.0:*
304/dhcpcd
There should not be any unnamed daemon opening up such connections under
Arch Linux when netstat -atupn is run as root, right? (At least I have
installed none; I already know from previous netstats that Arch is very
strict with its default configuration in this regard.)
What has made me look was a 100% CPU load indicated by my CPU fan but
actually not by the KDE GUI (sorry, forgot to run top and do similar
things). The 100% 'fan' load remained after unplugging the cable; as
well as the connections shown by netstat. I would believe that it is not
an attack by an US-service because usually with similar incidents no
such connection list is returned by netstat. Perhaps anyone can be
helpful with that?
Elmar
More information about the arch-security
mailing list