Another suggestion: get Wireshark for sniffing traffic and run a sniffer trace as you are using the machine. You'll want to capture any IP (layer 3) traffic leaving or entering your machine (may want to set up filters to reduce capture size). This may be a way to start your analysis.
Disable any services (daemons) running on the machine that are not required with a listening port:
sudo netstat -tulpn | grep LISTEN
The above will display listening ports.
This is at least a start.
Frank
On Thu, Feb 20, 2020 at 5:50 PM home user mattisonw@comcast.net wrote:
(on 02/20/2020 at 2:10pm mountain time, Ed said)
Do you have a fixed IP or dynamic IP?
I believe it's fixed, provided by the ISP (comcast).
What services do you run on your system? It helps to know what area
you're concerned with.
- Firefox, Thunderbird, Tor (rarely), dnf, zoom (for meetings). (What
counts as "services" here?)
- Other uses of internet are "under the hood" and mostly
unknown/invisible to me.
- Oddball: when logged in as root, and I launch a terminal, several
seconds later, I see a short wave of internet activity; this is very consistent. What's going on there?
- No one is authorized to connect in from outside; I myself do not try
to do so.
This morning, I got 2 messages from the bank saying 2 attempts to make purchases via PayPal were rejected because the card had not yet been activated. I called the bank. The messages were legitimate. Curious: the card is near expiration, and a new one (same number) had just been made/mailed. The bank then de-activated the card. I do not know what other personal info the malicious person/group got, where the info came from, or who the malicious person/group is. I think it wise for me to check that no one is getting into my system. Thus this thread. By the way, both chkrootkit and rkhunter reported my system is clean later this morning. I do realize they don't check everything.
I'll try Frank's suggestion and respond to him later; I'm researching it first.
Bill.
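The listening-port check suggested above, as an added example that is not part of the original thread: UDP sockets have no LISTEN state, so `grep LISTEN` drops them; this sketch parses `netstat -tulpn` output directly and prints only sockets bound to non-loopback addresses, which are the ones other hosts can reach. The sample output and the function names `sample_netstat` and `exposed_listeners` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `netstat -tulpn` output (not taken from a real host).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN      1042/cupsd
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      987/sshd
tcp6       0      0 :::22                   :::*                    LISTEN      987/sshd
tcp6       0      0 ::1:631                 :::*                    LISTEN      1042/cupsd
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           801/avahi-daemon: r
udp        0      0 127.0.0.1:323           0.0.0.0:*                           850/chronyd
udp6       0      0 :::5353                 :::*                                801/avahi-daemon: r
EOF
}

# Read netstat output on stdin; print "proto port program" for every TCP
# listener and UDP socket bound to an address other than 127.0.0.0/8 or ::1.
exposed_listeners() {
  awk '
    $1 ~ /^(tcp|udp)6?$/ {
      if ($1 ~ /^tcp/) { if ($6 != "LISTEN") next; prog = $7 }
      else             { prog = $6 }   # UDP rows have an empty State column
      port = $4; sub(/.*:/, "", port)  # text after the last colon
      host = substr($4, 1, length($4) - length(port) - 1)
      if (host ~ /^127\./ || host == "::1") next   # loopback only, skip
      sub(/^[0-9]+\//, "", prog)       # drop the PID
      sub(/:$/, "", prog)              # netstat truncates long names
      print $1, port, prog
    }'
}

# Demo on the constructed sample; on a live host use:
#   sudo netstat -tulpn | exposed_listeners
sample_netstat | exposed_listeners
```

Each line printed is a candidate for the "is this service required?" review; anything bound only to loopback is left out because it is not reachable from the network.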