This morning I noticed that on my Ubuntu 8.10 machine that System Monitor is reporting downloads at approximately 25 to 60 KiB/s despite the fact that nothing is supposed to be downloading. Not knowing what exactly to look for, I have checked the services running using System Monitor and Top but did not notice anything strange.

I checked my Router and Session Table reflected connection to my machine's IP address on destination port 53 - is it possible that a UDP request/reply can have this result?

Could anybody assist me in trying to establish what process is responsible for the download and why this is happening? Any assistance in this regard will be greatly appreciated, thank you in advance.

Ps. Broadband connections are capped in South Africa (also very expensive) and at this rate I will use the bulk of my data bundle by the end of the day.

Hi.

Install and run Wireshark (formerly Ethereal) to see what the traffic really is.

Dave

If you look at /etc/services, you'll find

domain 53/tcp # name-domain server
domain 53/udp

ie that's the DNS port and can be udp OR tcp (used if query is too large). Possibly someone is trying the exploit this: http://www.unixwiz.net/techtips/igui...-dns-vuln.html

HTH