Why does my PC talk unprompted to mandriva via tcp to ns2.moondrake.net.
MandrivaThis Forum is for the discussion of Mandriva (Mandrake) Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Distribution: Mandriva mostly, vector 5.1, tried many.Suse gone from HD because bad Novell/Zinblows agreement
Posts: 1,606
Rep:
Why does my PC talk unprompted to mandriva via tcp to ns2.moondrake.net.
Hi,
My PC dialogues with ns2.moondrake.net without me knowing why or requesting any data.
When this happens, I have no browser started, no special application either.
I use mandriva LE2005.
Does anybody know why? Has anybody noticed that?
The best way to see that happens is to have the network monitoring graph on,
while the cat5 cable from the cable modem is unplugged. There is only a udp chatter
between the router and PC. About 8 sec after plugging the cable I get this tcp connection
to madriva (see below) the chatter is relatively small, but why is it there?
I have a cable connection going to a router (with integrated firewall), then to eth0.
The PC also runs shorewall.
# nslookup 212.85.150.181
Non-authoritative answer:
181.150.85.212.in-addr.arpa name = ns2.moondrake.net.
Distribution: Mandriva mostly, vector 5.1, tried many.Suse gone from HD because bad Novell/Zinblows agreement
Posts: 1,606
Original Poster
Rep:
I thought the title of the email was clear
http://www.mandriva.com/ is aliased to
ns2.moondrake.net (or vice-versa depending how you see it)
I thought tuxhdtv you were just being funny/sarcastic.
Anyway, I have not even managed to tell which process
is doing the talking. I did a diff on ps -A, that was not enough to tell
which process does talk to mandriva. Maybe net_monitor (I have
the connection rate displayed in that window)?
I have the same question has emmanuel, my rather new installation (mandrake 10.1) start dialing
XXX.XXX.X.XX,37343 -> 212.85.150.181,www
as reported by my firewall (xxx stand for my private network address). I would have control of when and what call the Web and I'm suspicius about this kind of self communication.
But... I don't know how to stop it.
May I admit that what decided me to trow up the Window installation on this new PC was the constant unwanted web connexion ?.
If you have the Mandriva/Mandrake online tools running it periodically tests your network connection (using a ping) and checks for updates. This will show up in your firewall logs as a connection to ns2.moondrake.net.
I would stop these kind of unwanted connexion, and control updates
Right click on the mandrivaonline icon in on your panel (ie. near the clock). Deselct the 'run at startup' type option. Right click it again and click exit.
Remember to use MandrakeUpdate (in the control centre) regularly so you get updates.
Distribution: Mandriva mostly, vector 5.1, tried many.Suse gone from HD because bad Novell/Zinblows agreement
Posts: 1,606
Original Poster
Rep:
Hi, the culprit is net_monitor
netstat -cpe -u --numeric-ports
gave me the pid of the perl code using the port I was monitoring.
I used ethereal to capture a few packets and check what was going on.
In short, I found that /usr/sbin/net_monitor was doing the pings to mandrakesoft.com
/usr/sbin/net_monitor uses a sub called test_connected
It was a bit difficult to find but
test_connected is in /usr/lib/libDrakX/network/tools.pm
and uses a sub called check_link_beat (this does the ping and mandrakesoft.com is in clear there)
Also there is
sub connected() { gethostbyname("mandrakesoft.com") ? 1 : 0 }
which is a very short sub
So it is not mandrivaonline (although it probably works the same)
What I want to do now is change the periodicity of the pings.
I could not find out in /usr/sbin/net_monitor what to change.
The code was not clear enough for a slow mind like mind.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.