[SOLVED] Machine is FTPing into Walla Walla University.
Came in this morning and noticed a connection to
Code:
192.147.172.161:21
So I fired up the terminal and tried to manually connect to this address:
Code:
[nealosis@LISAXPS410FEDORA ~]$ ftp 192.147.172.161
Connected to 192.147.172.161 (192.147.172.161).
220-
220-+---------------------------------------------------------+
220-| Welcome to the Walla Walla University FTP server |
220-| |
220-| Please send suggestions/questions/comments/etc. to |
220-| ftprequest@wallawalla.edu |
220-| |
220-| Please see /FAQ for questions regarding this FTP server |
220-+---------------------------------------------------------+
220
Name (192.147.172.161:lisa): anonymous
331 Please specify the password.
Password:
230 Login successful.
Remote system type is UNIX.
Using binary mode to transfer files.
I was able to log in as anonymous and look around. Looks like these are Linux update packages on this server and if that's so then I guess it's OK.
Is it standard practice for Linux workstations to establish anonymous FTP connections behind the scenes like this?
Original Poster
Quote:
Originally Posted by chrism01
Is it using that Uni as a repo for auto updates?
If it's using a mirrorlist, you may have to do some digging to check.
It took a few days but this morning this Fedora machine is again establishing FTP connections behind my back to WallaWalla university. lsof reports nothing at all.
Maybe the connection was dropped before the lsof? --run netstat again
Code:
netstat -tn | grep -i 21
tcp 0 0 192.168.2.109:39879 98.124.49.250:21 ESTABLISHED
tcp 0 0 192.168.2.109:53421 192.147.172.161:21 ESTABLISHED
tcp 0 0 192.168.2.109:44583 140.211.166.134:21 ESTABLISHED
Not sure what to do now. How do I track down what process is making these ftp connections? Even if this connection is legit, I'm not comfortable with any process making anonymous connections to remote servers without rendering a dialog or something to indicate that what's going on is legit.
Ok, so it looks like this is some yum process backend. I wonder if there is a setting where I can disable this phone-home action? If I want to update yum then I use 'yum update'; I don't need (or want) it phoning home on its own.
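Added example, not part of the original thread: one way to find which process owns a connection to remote port 21 is to take the socket inode from /proc/net/tcp and match it against the descriptors under /proc/<pid>/fd. The function names and the SAMPLE rows are constructed for illustration (SAMPLE encodes one row of the netstat output above); the code assumes IPv4 and a little-endian host such as x86.

```python
"""Map established connections to remote port 21 to the owning process (IPv4 only)."""
import glob
import os
import socket
from pathlib import Path

FTP_PORT = 21
# Constructed sample in /proc/net/tcp layout: one listening socket, one FTP connection.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 40001 1
   1: 6D02A8C0:D0AD A1AC93C0:0015 01 00000000:00000000 00:00000000 00000000  1000        0 51234 1
"""

def decode(hexaddr):
    """'A1AC93C0:0015' -> ('192.147.172.161', 21). Assumption: little-endian host."""
    ip_hex, port_hex = hexaddr.split(":")
    return socket.inet_ntoa(int(ip_hex, 16).to_bytes(4, "little")), int(port_hex, 16)

def ftp_sockets(text):
    """Return {inode: (local, remote)} for ESTABLISHED sockets whose remote port is 21."""
    found = {}
    for fields in (line.split() for line in text.splitlines()):
        if len(fields) < 10 or fields[3] != "01":  # 01 = ESTABLISHED; skips header too
            continue
        local, remote = decode(fields[1]), decode(fields[2])
        if remote[1] == FTP_PORT:
            found[fields[9]] = (local, remote)
    return found

def owners(inodes):
    """Find which PIDs hold the given socket inodes; run as root to see all users."""
    result = {}
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            target = os.readlink(fd)
            if target.startswith("socket:[") and target[8:-1] in inodes:
                pid = fd.split("/")[2]
                cmd = Path(f"/proc/{pid}/cmdline").read_bytes().replace(b"\0", b" ")
                result[target[8:-1]] = (pid, cmd.decode(errors="replace").strip())
        except OSError:
            continue  # process exited or descriptor not readable
    return result

if __name__ == "__main__":
    socks = ftp_sockets(Path("/proc/net/tcp").read_text())
    procs = owners(set(socks))
    for inode, (local, remote) in socks.items():
        print(f"{local[0]}:{local[1]} -> {remote[0]}:{remote[1]}", *procs.get(inode, ("?", "unknown")))
```

Run it as root while netstat still shows the connection as ESTABLISHED; a connection that has already closed leaves no inode to match.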