How many win computers do you have running? Turn off one and see if the net traffic is reduced. Then keep turning off one computer at a time. One or more of these win computers are in a bot network. I would trust that the Linux computers are solid. I have, in the past, scanned multiple (my) Linux computers, and they were shut tight. There are also very few, multiple times fewer, security vulnerabilities with a Linux system. Trying to crack a Linux computer is extremely difficult.
On Tue, 23 Sept 2025 at 16:37, CAREY SCHUG <sqrfolkdnc@comcast.net> wrote:
ok, nmap sounds like it does everything but eat. (we had a mainframe utility called debe for that)
any intro web pages for a novice?
in my less than 30 minutes of scanning, I had over 32000 packets in/out of my desktop, to a large variety of IP addresses, when I am not doing anything but email
something is running without my permission
how do I determine what it is?
like list activity by port number as a starting point?
Carey
On 09/23/2025 1:21 PM CDT Don Tai <> wrote:
162.159.134.234 cloudflare
23.220.246.152 akamai
3.233.158.26 AZN
184.25.113.134 Akamai
151.101.3.52 skyca, Fastly
You could download nmap and scan your ports. It will tell you if you have ports open. When I used to try to hack linux boxes (my own), Linux was really secure. Nothing should be open, unlike Win machines.
On Tue, 23 Sept 2025 at 13:56, CAREY SCHUG via Talk <talk@lists.gtalug.org> wrote:
First, it looks like the problem is my Linux desktop. Traffic going all over the place when I am doing essentially nothing.
And I have confirmed the IP addresses of my Windows computers in the log I created on my desktop. Explain how that can be unless Wireshark has put my port into promiscuous mode.
I am getting MANY ip addresses that are not mine, talking to my desktop ip address.
Just going through the first part and eyeballing for different IP addresses (I am sure I missed some), maybe 2% of the whole file, I found the following:
cat wireshark|grep 162.159.134.234|wc -l
cat wireshark|grep 23.220.246.152|wc -l
cat wireshark|grep 3.233.158.26|wc -l
cat wireshark|grep 184.25.113.134|wc -l
cat wireshark|grep 3.233.158.25|wc -l
cat wireshark|grep 151.101.3.52|wc -l
cat wireshark|grep 207.65.32.79|wc -l
cat wireshark|grep 3.233.158.25|wc -l
cat wireshark|grep 18.206.77.82|wc -l
cat wireshark|grep 98.87.185.133|wc -l
cat wireshark|grep 18.160.225.46|wc -l
75
852
2589
63
2813
531
408
2813
13
14
152
If Wireshark or some other existing tool cannot go through my listing and extract all the IP addresses, I will work on that, or do other research to find what malware could have infected my computer.
question: could it be accidental or malicious p2p filesharing was started on my computer? how would I look for the task running it and kill it and prevent it from restarting?
Carey
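Added example, not part of the thread: a shell sketch for the question above about pulling every IP address out of a Wireshark text export and counting lines per address, instead of grepping one address at a time. The function names and the sample lines (constructed, using documentation-range addresses) are assumptions; the per-address count matches the address exactly, because a bare grep pattern treats `.` as "any character" and also matches longer addresses.

```shell
#!/bin/sh
# Added example (not from the thread). Works on a plain-text packet listing.

# make_sample: constructed sample lines in the shape of a Wireshark text export.
make_sample() {
cat <<'EOF'
1 0.000000 192.168.1.20 203.0.113.7 TLSv1.2 571 Application Data
2 0.031200 203.0.113.7 192.168.1.20 TCP 66 443 > 51514 [ACK]
3 0.900100 192.168.1.20 198.51.100.25 TCP 74 51520 > 443 [SYN]
4 1.200000 192.168.1.20 198.51.100.250 TCP 74 51522 > 443 [SYN]
5 1.450000 192.168.1.21 192.168.1.255 UDP 92 broadcast
6 2.000000 203.0.113.7 192.168.1.20 TLSv1.2 1514 Application Data
EOF
}

# tally_ips FILE: "count address" for every IPv4 address seen, busiest first.
tally_ips() {
    grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}' "$1" \
      | awk -F. '$1<=255 && $2<=255 && $3<=255 && $4<=255' \
      | LC_ALL=C sort | uniq -c | awk '{print $1, $2}' \
      | LC_ALL=C sort -k1,1nr -k2,2
}

# tally_remote_ips FILE: same, minus private, loopback, link-local,
# multicast and broadcast addresses, leaving only Internet peers.
tally_remote_ips() {
    tally_ips "$1" | awk '{
        split($2, o, "."); a = o[1] + 0; b = o[2] + 0
        if (a == 10 || a == 127 || a >= 224) next
        if (a == 172 && b >= 16 && b <= 31) next
        if (a == 192 && b == 168) next
        if (a == 169 && b == 254) next
        print
    }'
}

# count_ip FILE ADDR: lines containing exactly ADDR (fixed string, whole word),
# so 198.51.100.25 does not also count 198.51.100.250.
count_ip() {
    grep -cwF -- "$2" "$1"
}

# Stand-alone use: sh tally.sh exported_listing.txt
if [ $# -gt 0 ]; then
    tally_remote_ips "$1"
fi
```

On the live Linux desktop, `ss -tunp` (run as root) lists each open TCP/UDP connection with the process that owns it, which ties a busy remote address from this tally back to a running program.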