I was hoping for some advice on a potential Java exploit that I experienced.
I keep fairly close track of my current active internet connections through the use of the command netstat -tupan, especially when anything odd seems to occur... after a while you get a feel for what is and isn't right.
Anyway, I was trying to register for a forum,
www.knowfirst.org
but experienced odd problems, such as the verification image being missing, the page intermittently not being available from the web site (it's there, then it isn't), etc. There were some other issues, but you get the idea.
I issued netstat -tupan, and it showed a tcp6 Java VM connection established to a site apparently in the States. The IP was 207.234.186.3.
Does anyone know what a tcp6 connection is as opposed to a standard tcp connection? Should I somehow disable tcp6 connections?
This is NOT normal; I keep a close eye on what connections are normally there.
I had previously not instigated this connection or executed any Java app, or knowingly clicked on anything related to Java. The forum had a link to send an ICQ message to one of the administrators, so I did use this to send a message to inform the admin that his web site had problems. I don't know how the connection got there or if my system was compromised in any way. I had not been surfing long, so I don't think there was a lot of time to do anything.
chkrootkit did not find anything, and I NEVER run as root.
After googling I found this explanation of a proof of concept,
http://www.enyo.de/fw/security/java-firewall/
that shows the problem exists.
The scary thing is that it sailed straight through a decent hardware firewall. I have since turned Java off (JavaScript does not appear to be affected).
Has anyone heard of this? Are there any other steps I could take to prevent this sort of attack (without turning off Java)? Are there any steps I should take to report the IP address? If so, how? Or is it even worth reporting it?
If nothing else, people SHOULD be made aware of how easily this could happen to YOU!
There does not appear to be a bug fix YET.
Any ideas?
Safe surfing to everyone!
Cheers, Yogstr
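The "keep an eye on netstat and know what is normal" habit the post describes can be turned into a small baseline check. The script below is an added example, not something from the original post: it reads netstat -tupan style output, keeps only ESTABLISHED tcp/tcp6 connections, and prints any whose owning program is not in an allowlist. The allowlist (BASELINE), the program name java_vm and the sample netstat lines are all constructed for the example (the Linux netstat column layout is assumed). Addresses printed as ::ffff:a.b.c.d under tcp6 are IPv4-mapped IPv6 addresses, so the script strips that prefix before printing the peer.

```shell
#!/bin/sh
# Added example: flag established TCP/TCP6 connections whose owning program
# is not in a known-good baseline. Assumes Linux "netstat -tupan" columns:
#   Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
# BASELINE is a hypothetical allowlist; adjust it to what is normal on your box.
BASELINE="firefox-bin sshd"

# Reads netstat -tupan output on stdin and prints "proto peer pid/program"
# for every ESTABLISHED tcp/tcp6 connection owned by a program not in $BASELINE.
# When netstat is run as a non-root user the PID/Program column shows "-" for
# other users' processes; "-" is not in the allowlist, so those are flagged too.
flag_unexpected() {
    awk -v allow="$BASELINE" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp6?$/ && $6 == "ESTABLISHED" {
            prog = $7; sub(/^[0-9]+\//, "", prog)   # "2410/java_vm" -> "java_vm"
            peer = $5; sub(/^::ffff:/, "", peer)    # IPv4-mapped IPv6 -> plain IPv4
            if (!(prog in ok)) print $1, peer, $7
        }'
}

# Constructed sample output in netstat -tupan format (not real captured data).
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 192.168.1.10:45678      93.184.216.34:443       ESTABLISHED 2345/firefox-bin
tcp6       0      0 ::ffff:192.168.1.10:38800 ::ffff:207.234.186.3:80 ESTABLISHED 2410/java_vm
udp        0      0 0.0.0.0:68              0.0.0.0:*                           701/dhclient'

# Run against the sample; on a live system use: netstat -tupan | flag_unexpected
printf '%s\n' "$SAMPLE" | flag_unexpected
```

On the sample this prints only the tcp6 line owned by java_vm; the sshd listener and the browser connection are ignored, and the udp line is skipped because it has no state column. Pipe the live `netstat -tupan` output into the function from cron or a shell prompt to get the same comparison against your own baseline.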