-----BEGIN PGP SIGNED MESSAGE----- This is one of the IP addresses of http.us.debian.org.
My ISP reports over a 1GB of data transfered from it to 192.139.46.28 which is one of my debian boxes (behind a NetBSD firewall). I do not see anything strange about the box (but, I could be patched). I just went to look to see if dpkg had some tripwire equivalent built in (not that I can see so far) to verify the system. When I went to update, that is when I discovered that 209.10.41.242 was http.us.debian.org, since my tcpdump elsewhere showed it. I did install another box (.26) on Monday. The ports that my ISP's netflow logs report are all <1024. (On both ends) Whether or not my box has been infiltrated is an open question. Could 209.10.41.242 have been compromised? (finger for PGP key) ] ON HUMILITY: to err is human. To moo, bovine. | firewalls [ ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[ ] [EMAIL PROTECTED] http://www.sandelman.ottawa.on.ca/ |device driver[ ] panic("Just another NetBSD/notebook using, kernel hacking, security guy"); [ -----BEGIN PGP SIGNATURE----- Version: 2.6.3ia Charset: latin1 Comment: Processed by Mailcrypt 3.5.6, an Emacs/PGP interface iQCVAwUBO4QTj4qHRg3pndX9AQG3RAP9EI3qgOgCdgS7WZ9z6yvGaMBgBQ9ZF3V6 6HHavSou5VRoihaHOT66dweJoSTFURV6bJtxLLvjKjnunC8Utnt039jyM96VRvKJ BWmiMXMxmb1BwGo/Eg+UhL2veGgtzVHwVXG2OtCuNMybvaDSSZj6hQje3z+3OKXv wXsU/7JQrSw= =vc4Z -----END PGP SIGNATURE-----
