
Thread: Non-Stop DNS Requests

  1. #1
    Just burned his ISO
    Join Date
    Jul 2007
    Posts
    5

    Non-Stop DNS Requests

    I've searched both online and on the forums here for the answer to this, but have come up short.

    During some sniffing operations, I noticed that my box is pretty noisy on any network it's connected to in that it is sending DNS requests for ibiblio.org every 10 seconds.

    I have tried to track down the application serving out these requests using netstat -pa, but don't see any entries performing this operation (even after continually looping a netstat -pa | grep domain for a while).

    I have also turned off all resolution by the sniffer (wireshark) to make sure it wasn't the culprit.

    Anyone have any idea where this might be coming from and how to shut it down? It's really not activity I want broadcasting my presence on a network.

    Here are the results of a ps -ax run on the system:
    PID TTY STAT TIME COMMAND
    1 ? Ss 0:02 init [3]
    2 ? SN 0:00 [ksoftirqd/0]
    3 ? S< 0:00 [events/0]
    4 ? S< 0:00 [khelper]
    5 ? S< 0:00 [kthread]
    96 ? S< 0:00 [kblockd/0]
    97 ? S< 0:00 [kacpid]
    252 ? S< 0:00 [ata/0]
    253 ? S< 0:00 [ata_aux]
    254 ? S< 0:00 [ksuspend_usbd]
    257 ? S< 0:00 [khubd]
    259 ? S< 0:00 [kseriod]
    280 ? S 0:00 [pdflush]
    281 ? S 0:00 [pdflush]
    282 ? S< 0:00 [kswapd0]
    283 ? S< 0:00 [aio/0]
    284 ? S< 0:00 [jfsIO]
    285 ? S< 0:00 [jfsCommit]
    286 ? S< 0:00 [jfsSync]
    287 ? S< 0:00 [xfslogd/0]
    288 ? S< 0:00 [xfsdatad/0]
    984 ? S< 0:00 [scsi_eh_2]
    985 ? S< 0:00 [scsi_eh_3]
    986 ? S< 0:00 [scsi_eh_4]
    987 ? S< 0:00 [scsi_eh_5]
    1013 ? S< 0:00 [exec-osm/0]
    1018 ? S< 0:00 [block-osm/0]
    1042 ? S< 0:00 [kcryptd/0]
    1043 ? S< 0:00 [kmpathd/0]
    1044 ? S< 0:00 [ksnapd]
    1046 ? S< 0:00 [kmirrord]
    1050 ? S< 0:00 [reiserfs/0]
    1132 ? S<s 0:00 /sbin/udevd --daemon
    1853 ? S< 0:00 [tifm0]
    1854 ? S< 0:00 [kmmcd]
    1985 ? S< 0:00 [khpsbpkt]
    2020 ? S< 0:00 [pccardd]
    2021 ? S< 0:00 [knodemgrd_0]
    2124 ? S< 0:00 [kpsmoused]
    2223 ? Ss 0:00 /usr/sbin/syslogd
    2226 ? Ss 0:00 /usr/sbin/klogd -c 3 -x
    2279 ? S 0:00 /usr/sbin/crond -l10
    2282 ? Ss 0:00 /usr/sbin/acpid
    2317 ? Ss 0:00 /usr/sbin/gpm -m /dev/mouse -t ps2
    2536 ? S 0:00 /bin/bash /usr/bin/fstab-update --daemon
    2786 tty1 Ss 0:00 -bash
    2787 tty2 Ss+ 0:00 /sbin/agetty 38400 tty2 linux
    2788 tty3 Ss+ 0:00 /sbin/agetty 38400 tty3 linux
    2789 tty4 Ss+ 0:00 /sbin/agetty 38400 tty4 linux
    2790 tty5 Ss+ 0:00 /sbin/agetty 38400 tty5 linux
    2791 tty6 Ss+ 0:00 /sbin/agetty 38400 tty6 linux
    2896 tty1 S+ 0:00 /bin/sh /usr/X11R6/bin/startx
    2912 tty1 S+ 0:00 /usr/X11R6/bin/xinit /usr/X11R6/lib/X11/xinit/xinitrc -- -auth /root/.se
    2913 tty7 S<s+ 1:04 X :0 -auth /root/.serverauth.2896
    2927 tty1 S 0:00 /bin/sh /usr/X11R6/lib/X11/xinit/xinitrc
    2931 tty1 S 0:00 /bin/sh /opt/kde/bin/startkde
    2967 ? Ss 0:00 kdeinit Running...
    2972 ? S 0:00 dcopserver [kdeinit] --nosid
    2974 ? S 0:00 klauncher [kdeinit] --new-startup
    2976 ? S 0:42 kded [kdeinit] --new-startup
    2985 tty1 S 0:00 kwrapper ksmserver
    2987 ? S 0:00 ksmserver [kdeinit]
    2988 ? S 0:02 kwin [kdeinit] -session 10736c6178000117232847800000030170000_1173165025
    2992 ? S 0:00 kdesktop [kdeinit]
    2996 ? S 0:08 kicker [kdeinit]
    2997 ? S 0:00 kio_file [kdeinit] file /tmp/ksocket-root/klauncherEaReab.slave-socket /
    3003 ? S 0:00 kxkb [kdeinit]
    3007 ? SL 0:44 artsd -F 10 -S 4096 -a alsa -m artsmessage -c drkonqi -l 3 -f
    3013 ? S 0:00 kaccess [kdeinit]
    3016 ? S 0:00 krandrtray -session 10736c6178000117232848400000030170007_1173165025_4 74
    3020 ? S 0:00 kmix [kdeinit] -session 10736c6178000117232848400000030170008_1173165025
    3023 ? S 0:00 knotify [kdeinit]
    3401 ? S 0:00 /bin/sh -c wicrawl;sudo -s
    3538 ? S 0:00 /bin/bash
    6106 ? S< 0:00 [ipw3945/0]
    6107 ? S< 0:00 [ipw3945/0]
    6127 ? S 0:03 /sbin/ipw3945d
    6202 ? S 0:00 ksystraycmd sudo wlassistant
    6203 ? S 0:00 wlassistant
    14174 ? S 0:01 konsole [kdeinit] --ls
    14177 pts/1 Ss 0:00 -bash
    14768 ? S 0:00 /bin/sh /usr/bin/firefox
    14779 ? S 0:00 /bin/sh /opt/firefox/run-mozilla.sh /opt/firefox/firefox-bin
    14784 ? Sl 0:59 /opt/firefox/firefox-bin
    14788 ? S 0:00 /usr/local/libexec/gconfd-2 12
    15165 ? S 0:02 wireshark
    28263 ? S 0:00 sleep 1
    28264 pts/1 R+ 0:00 ps ax

    I'm not used to using x/kde (typically stick to my shell) so not even sure what's what in a lot of this (and consequently, what may be causing this traffic).

    Thanks everyone!

  2. #2
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Do you happen to be on the University of North Carolina's Campus?
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  3. #3
    Just burned his ISO
    Join Date
    Jul 2007
    Posts
    5

    No I am not.. heh.. Getting hammered there by similar requests?

  4. #4
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Quote, originally posted by PsySpy:
        No I am not.. heh.. Getting hammered there by similar requests?

    No, does it go away when you close Firefox?

    Did you happen to go to Ibiblio.org and see what it is?

  5. #5
    Just burned his ISO
    Join Date
    Jul 2007
    Posts
    5

    Closing firefox did nothing (I had tried that earlier). I also looked into ibiblio, which is actually a really cool online library/repository. Lots of good tech papers/docs on it, in addition to a whole lot of other stuff.

    Anyways, I found the cause of the dns requests - Wireless Assistant. I guess so long as you have it open, it keeps trying to resolve ibiblio.org in an attempt to detect connection status.

    But - at least this will now be in the archives if anyone else runs into it. Thanks for the replies anyhow streaker - it led me to the right solution after searching all day.
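
An added example, not part of the original thread: a resolver's UDP socket exists only while a lookup is in flight, so a slow netstat loop can miss it; this Python script polls /proc/net/udp for sockets connected to port 53 and maps each socket inode to its owning process. It assumes Linux procfs, IPv4, a little-endian host and a resolver that connect()s its UDP socket; SAMPLE is constructed, and the function names are this example's own.

```python
import glob, os, socket, struct, time

# Constructed sample in /proc/net/udp layout (not captured from the poster's machine).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  12: 00000000:0044 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 5120 2 0000000000000000 0
  31: 6401A8C0:8F2B 0101A8C0:0035 01 00000000:00000000 00:00000000 00000000     0        0 90417 2 0000000000000000 0
"""

def _addr(field):
    """Decode 'HEXIP:HEXPORT'; the IPv4 word is in host byte order (little-endian assumed)."""
    ip_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16))), int(port_hex, 16)

def dns_sockets(table):
    """Return (local_port, resolver_ip, uid, inode) for UDP sockets connected to remote port 53."""
    found = []
    for line in table.splitlines()[1:]:          # first line is the column header
        f = line.split()
        if len(f) < 10:
            continue
        (_, lport), (rip, rport) = _addr(f[1]), _addr(f[2])
        if rport == 53:
            found.append((lport, rip, int(f[7]), int(f[9])))
    return found

def owner_of(inode):
    """Find (pid, cmdline) holding socket:[inode] by walking /proc/<pid>/fd (root needed for other users)."""
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            if os.readlink(fd) == f"socket:[{inode}]":
                pid = fd.split("/")[2]
                with open(f"/proc/{pid}/cmdline", "rb") as fh:
                    return int(pid), fh.read().replace(b"\0", b" ").decode().strip()
        except OSError:
            continue                             # process or descriptor vanished mid-scan
    return None

if __name__ == "__main__":
    seen = set()
    while True:                                  # poll tightly; the socket is short-lived
        with open("/proc/net/udp") as fh:
            for lport, rip, uid, inode in dns_sockets(fh.read()):
                if inode not in seen:
                    seen.add(inode)
                    print(time.strftime("%H:%M:%S"), rip, "uid", uid, owner_of(inode))
        time.sleep(0.005)
```

Polling is still a race against the lookup; a lookup that completes between two polls is not seen, so let it run across several of the 10-second intervals.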
