On 2020-02-21 06:49, home user wrote:
(on 02/20/2020 at 2:10pm mountain time, Ed said)
> Do you have a fixed IP or dynamic IP?
I believe it's fixed, provided by the ISP (comcast).
> What services do you run on your system? It helps to know what area you're
concerned with.
* Firefox, Thunderbird, Tor (rarely), dnf, zoom (for meetings). (What counts as
"services" here?)
None. Those are all clients.
Examples of a service are
sshd - for allowing incoming ssh connections
httpd - for running a web server
named - for a dns server
* Other uses of internet are "under the hood" and mostly
unknown/invisible to me.
* Oddball: when logged in as root, and I launch a terminal, several seconds later, I see
a short wave of internet activity; this is very consistent. What's going on there?
If you want to know what is going on you'd need to use something like
"wireshark" to capture the network
activity and examine it.
* No one is authorized to connect in from outside; I myself do not
try to do so.
I don't know what that means.
This morning, I got 2 messages from the bank saying 2 attempts to make purchases via
paypal were rejected because the card had not yet been activated. I called the bank. The
messages were legitimate. Curious: the card is near expiration, and a new one (same
number) had just been made/mailed. The bank then de-activated the card. I do not know
what other personal info the malicious person/group got, where the info came from, or who
the malicious person/group is. I think it wise for me to check that no one is getting
into my system. Thus this thread. By the way, both chkrootkit and rkhunter reported my
system is clean later this morning. I do realize they don't check everything.
Well, that sounds much more you information was leaked by PayPal. Not your system.
--
The key to getting good answers is to ask good questions.