ok, for the person who has been out of the biz for 25 years, during which things have changed (and that was solaris, with some differences, and a good corporate firewall) can soomebody point me to how to get rid of that stuff??

Carey

On 09/23/2025 1:21 PM CDT Don Tai <dontai.canada@gmail.com> wrote:
 
 
162.159.134.234 cloudflare
23.220.246.152 akamai
3.233.158.26 AZN
184.25.113.134 Akamai
151.101.3.52 skyca, Fastly
 
You could download nmap and scan your ports. It will tell you if you have ports open. When I used to try to hack linux boxes (my own), Linux was really secure. Nothing should be open, unlike Win machines.
 

On Tue, 23 Sept 2025 at 13:56, CAREY SCHUG via Talk <talk@lists.gtalug.org> wrote:
FIrst, it looks like the probem is my linux desktop.  traffic going all over the place when i am doing essentially nothing.

and I have confirmed the ip addresses of my windows computers in the log i created on my desktop. explain how that can be unless wireshark has put my port into promiscuous mode.

I am getting MANY ip addresses that are not mine, talking to my desktop ip address.

just going throught he first part and eyeballing for different ip addresses (I am sure I missed some), maybe 2% of the whole file, I found the following:

cat wireshark|grep 162.159.134.234|wc -l
cat wireshark|grep 23.220.246.152|wc -l
cat wireshark|grep 3.233.158.26|wc -l
cat wireshark|grep 184.25.113.134|wc -l
cat wireshark|grep 3.233.158.25|wc -l
cat wireshark|grep 151.101.3.52|wc -l
cat wireshark|grep 207.65.32.79|wc -l
cat wireshark|grep 3.233.158.25|wc -l
cat wireshark|grep 18.206.77.82|wc -l
cat wireshark|grep 98.87.185.133|wc -l
cat wireshark|grep 18.160.225.46|wc -l
75
852
2589
63
2813
531
408
2813
13
14
152

if wireshark or some other existing tool cannot go through my listing and extract all the ip addresses, i will work on that, or do other research to find what malware could have infected my computer.

question: could it be accidental or malicious p2p filesharing was started on my computer?  how would I look for the task running it and kill it and prevent it from restarting?

Carey

> On 09/23/2025 12:17 PM CDT James Knott <james.knott@jknott.net> wrote:
>

> On 9/23/25 13:09, CAREY SCHUG wrote:
> > comcast<-->monoprice 8 port gigabit switch<-->monoprice 8 prt gb switch
>
> I have no idea about what that switch can do.  Since you don't want to
> use one of your Cisco switches, then buy a cheap managed switch and
> follow my instructions.  You should be able to find one for around $20 -
> $30.
------------------------------------
Description: GTALUG Talk
Unsubscribe via Talk-unsubscribe@lists.gtalug.org
Start a new thread: talk@lists.gtalug.org
This message archived at https://lists.gtalug.org/archives/list/talk@lists.gtalug.org/message/EAIQZXPUZATCU7PML24BJ6BWLBEKKQW4/