How can I know what program generates virus traffic to 127.0.0.1?
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
What makes you think this is the result of a virus?
Plenty of things could generate traffic to localhost including, if memory serves me correctly, X11.
localhost (127.0.0.1) is your local machine. The screenshot shows something talking from your machine to something on your machine. That is normal in most cases. More specifically, tcp port 631 is the printing service, which is most likely implemented by "cups". If you want to get rid of that traffic (on your machine), stop the service "cupsd" or search for an installed package like "cups" and uninstall it. You will not be able to print though. I would recommend keeping everything as it is if you do not know exactly what you are doing.
Last edited by cepheus11; 02-27-2015 at 06:34 AM.
Reason: typo
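An added example, not part of the thread: one way to answer the title question is to read the kernel's socket table and match each loopback socket to the process that holds it. The sample table is constructed (port 631 and client port 54420 mirror the thread), the function names are this example's own, and a little-endian host and IPv4 only are assumed.

```python
import os, re, socket, struct

# Constructed sample in /proc/net/tcp layout (not data from the thread).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 15021 1 0000000000000000 100 0 0 10 0
   1: 0100007F:D494 0100007F:0277 01 00000000:00000000 00:00000000 00000000  1000        0 48812 1 0000000000000000 20 4 30 10 -1
   2: 0100007F:0277 0100007F:D494 01 00000000:00000000 00:00000000 00000000     0        0 48813 1 0000000000000000 20 4 30 10 -1
   3: 0A0200C0:8F2C 057100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 50110 1 0000000000000000 20 4 30 10 -1
"""
STATES = {"01": "ESTABLISHED", "02": "SYN_SENT", "06": "TIME_WAIT", "0A": "LISTEN"}

def _addr(field):
    # Hex address in host byte order (little-endian assumed): 0100007F:0277 is 127.0.0.1:631.
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def loopback_sockets(table):
    """Rows of a /proc/net/tcp table whose local address is in 127.0.0.0/8."""
    rows = []
    for line in table.splitlines()[1:]:          # skip the header line
        f = line.split()
        if len(f) < 10 or not _addr(f[1])[0].startswith("127."):
            continue
        rows.append({"local": _addr(f[1]), "remote": _addr(f[2]), "uid": int(f[7]),
                     "state": STATES.get(f[3], f[3]), "inode": f[9]})
    return rows

def inode_owners(proc="/proc"):
    """Map socket inode -> (pid, command name) from the /proc/<pid>/fd symlinks.
    Other users' processes are only visible when run as root."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc)):
        try:
            with open(f"{proc}/{pid}/comm") as fh:
                comm = fh.read().strip()
            for fd in os.listdir(f"{proc}/{pid}/fd"):
                m = re.fullmatch(r"socket:\[(\d+)\]", os.readlink(f"{proc}/{pid}/fd/{fd}"))
                if m:
                    owners[m.group(1)] = (int(pid), comm)
        except OSError:                          # process exited or access denied
            continue
    return owners

if __name__ == "__main__":
    owners = inode_owners()
    with open("/proc/net/tcp") as fh:
        for r in loopback_sockets(fh.read()):
            print(r["local"], "->", r["remote"], r["state"], owners.get(r["inode"], "unknown"))
```

Run as root, `ss -tanp` shows the same socket-to-process mapping from the command line.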
No no no.. this is virus traffic, because
in iptables I allowed traffic from "localhost my pc" to "localhost my PC"
and blocked traffic from "localhost my pc" to "localhost other pc".
In the next screenshot we can see the following situation: we have traffic from localhost to "ipp", and the traffic wants to send "syn" packets to create a connection, and the connection fails, because we get an answer with "rst,ack" packets.
In the next screenshot we can see the following situation: we have traffic from localhost to "ipp"
You are confusing "ipp" (the port/protocol) with "localhost" (the host). The first red line shows a packet from localhost:ipp to localhost:54420. Perfectly normal for an answer of your local printing service to some program querying the printers or jobs.
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
Please just read the documentation for the program you are using to view these things rather than claiming to have a virus.
Sorry if that is a little abrupt but posts by people who "have a virus" without a shred of evidence are frequent and are extremely harmful to Linux as a whole as they are much like "The Boy Who Cried 'Wolf!'" in that when somebody actually does have a problem they can be dismissed.
So, again, please do not post unsubstantiated virus claims out of ignorance and please read some documentation.
Last edited by 273; 02-27-2015 at 07:22 AM.
Reason: Typo's