On Wed, 2020-12-02 at 16:09 +0000, home user wrote:
--------------- begin text file ---------------
Active Internet connections (servers and established)
Proto  Recv-Q  Send-Q  Local Address            Foreign Address          State        User   Inode  PID/Program name
tcp    0       0       coyote:domain            0.0.0.0:*                LISTEN       root   31188  1084/dnsmasq
tcp    0       0       0.0.0.0:ipp              0.0.0.0:*                LISTEN       root   22447  947/cupsd
tcp    0       0       localhost:smtp           0.0.0.0:*                LISTEN       root   39031  1680/sendmail: acce
tcp6   0       0       [::]:ipp                 [::]:*                   LISTEN       root   22448  947/cupsd
udp    0       0       0.0.0.0:mdns             0.0.0.0:*                             avahi  22058  748/avahi-daemon: r
udp    0       0       coyote:domain            0.0.0.0:*                             root   31187  1084/dnsmasq
udp    0       0       0.0.0.0:bootps           0.0.0.0:*                             root   31184  1084/dnsmasq
udp    0       0       c-98-245-12-4.hs:bootpc  denv01dhcp-ho-02:bootps  ESTABLISHED  root   29795  862/NetworkManager
udp    0       0       localhost:323            0.0.0.0:*                             root   25199  763/chronyd
udp    0       0       0.0.0.0:58501            0.0.0.0:*                             avahi  22060  748/avahi-daemon: r
udp6   0       0       [::]:mdns                [::]:*                                avahi  22059  748/avahi-daemon: r
udp6   0       0       localhost:323            [::]:*                                root   25200  763/chronyd
udp6   0       0       coyote:dhcpv6-client     [::]:*                                root   30632  862/NetworkManager
udp6   0       0       [::]:33746               [::]:*                                avahi  22061  748/avahi-daemon: r

If you look at the last column, you can see what's involved with those
things: DNSmasq (your local DNS server), CUPSD (your local printer
server), sendmail (your local mail server), AVAHI-DAEMON (part of your
local networking, finding out your IP address, finding other things in
your network), NETWORK MANAGER (handling your network), CHRONYD (your
local time server managing your clock).

All normal stuff, although they're listening to any address, rather
than only listening to local addresses. That could be tightened up for
some things, at least. I see no reason for CUPS to listen outside of
your LAN, for instance.

LANs are chatty, especially when you throw CUPS and mDNS into the mix.
CUPS advertises itself, and looks for printers. AVAHI, etc., are
always on the lookout for other things on your LAN. It's next to
impossible to stop the LEDs blinking on your network port in a LAN.
And there's always going to be loads of DNS lookups while things are
being used by you. When you browse a webpage, the page is made up of
content dragged in from all over the place, text, graphics, scripts,
etc., the browser has to find them. You can get the same kind of thing
with HTML mail, too.

Regarding the other set of data with all the comcast addresses, I can't
comment, as I have no idea what the data is in the adjacent columns. I
hate programs which spew out data without titling what it is.

If, however, it is like Stan said (people scanning for exploitable
ports within comcast), then my opinion is that you report that to
comcast, and suggest that they either deal with their customers who are
nefariously scanning their network, or fix their firewall to stop
outsiders scanning their network. Either way, that's *their* job.

But first, confirm it is exploit scanning. I can't tell from the data
you provided.

Looking at some of the domain names, I would have thought you'd logged
this while you're using your web browser.

--
uname -rsvp
Linux 3.10.0-1160.6.1.el7.x86_64 #1 SMP Tue Nov 17 13:59:11 UTC 2020 x86_64
Boilerplate: All unexpected mail to my mailbox is automatically deleted.
I will only get to see the messages that are posted to the mailing list.
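
Added example, not part of the original message: a small Python check that reads netstat output in the column layout quoted above (including rows wrapped onto a second line, as in the posted text file) and labels each waiting socket as bound to any address, to loopback, or to one specific address. The function names and the sets of state and loopback names are assumptions made for this illustration.

```python
import re

# Rows copied from the output quoted above, still wrapped as they were posted.
SAMPLE = """\
tcp 0 0 coyote:domain 0.0.0.0:* LISTEN root
31188 1084/dnsmasq
tcp6 0 0 [::]:ipp [::]:* LISTEN root
22448 947/cupsd
tcp 0 0 localhost:smtp 0.0.0.0:* LISTEN root
39031 1680/sendmail: acce
udp 0 0 0.0.0.0:mdns 0.0.0.0:* avahi
22058 748/avahi-daemon: r
udp 0 0 c-98-245-12-4.hs:bootpc denv01dhcp-ho-02:bootps ESTABLISHED root
29795 862/NetworkManager
"""

PROTO = re.compile(r"(tcp|udp)6?\s")
STATES = {"LISTEN", "ESTABLISHED", "TIME_WAIT", "CLOSE_WAIT"}  # assumed subset
WILDCARD = {"0.0.0.0", "[::]", "::", "*"}
LOOPBACK = {"localhost", "localhost6", "::1", "[::1]"}

def records(text):
    """Re-join rows that were wrapped onto a second line, then split them."""
    rows = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if PROTO.match(line) or not rows:
            rows.append(line)
        else:
            rows[-1] += " " + line
    return [r.split() for r in rows if PROTO.match(r)]

def scope(host):
    loop = host in LOOPBACK or host.startswith("127.")
    return "loopback" if loop else "any" if host in WILDCARD else "specific"

def listeners(text):
    """Yield (proto, port, scope, program) for each socket waiting for traffic."""
    for f in records(text):
        rest = f[5:]
        state = rest.pop(0) if rest and rest[0] in STATES else ""
        # Keep TCP rows in LISTEN and UDP rows with no state (unconnected).
        if state != ("LISTEN" if f[0].startswith("tcp") else ""):
            continue
        host, port = f[3].rsplit(":", 1)
        prog = " ".join(rest[2:]).split("/", 1)[-1].split(":")[0]
        yield f[0], port, scope(host), prog

if __name__ == "__main__":
    print("\n".join("%-5s %-7s %-9s %s" % r for r in listeners(SAMPLE)))
```

Rows labelled "any" are the ones worth reviewing against the firewall and each daemon's listen setting; "loopback" rows are reachable only from the machine itself.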