Fedora Linux Support Community & Resources Center

25th April 2017, 12:03 AM
Unicorn
Registered User
Join Date: Apr 2017
Location: UK
Posts: 1
Possible nefarious activity on my KVM box

Tried to run virt-manager over an ssh connection and it wouldn't launch. I then discovered my X DISPLAY value was this:
[root@KVM2 ~]# echo $DISPLAY

And this:

[root@KVM2 ~]# xauth list
localhost.localdomain/unix:10 MIT-MAGIC-COOKIE-1 1b34adebbab11a5d048084dfffd1922a MIT-MAGIC-COOKIE-1 adc7e78c4d6a16fbd9c9bc1db871a532 MIT-MAGIC-COOKIE-1 e6cb3dfd4414663eb793ce94c04b7996 MIT-MAGIC-COOKIE-1 e727669b5ea216637bbc520ba0406715
KVM2:11 MIT-MAGIC-COOKIE-1 ec6b2be7015527bba8fed69f440fc548
KVM2:10 MIT-MAGIC-COOKIE-1 7d1838147f90f451e2284143fed4a4f0
163.bobsmortuary.com:11 MIT-MAGIC-COOKIE-1 ffdf060af9c506a6105a297cdaabfeac
163.bobsmortuary.com:12 MIT-MAGIC-COOKIE-1 e8debcb69f47281766feda1dd504100f
163.bobsmortuary.com:10 MIT-MAGIC-COOKIE-1 0fc5265fc0d055e460217166239317ce

NetRange: -
NetHandle: NET-75-125-0-0-1
Parent: NET75 (NET-75-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS13884, AS36420, AS30315, AS13749, AS21844
Organization: SoftLayer Technologies Inc. (SOFTL)
RegDate: 2007-06-11
Updated: 2017-04-11
Ref: https://whois.arin.net/rest/net/NET-75-125-0-0-1

OrgName: SoftLayer Technologies Inc.
Address: 4849 Alpha Rd.
City: Dallas
StateProv: TX
PostalCode: 75244
Country: US
RegDate: 2005-10-26
Updated: 2017-01-28

I noticed this after I upgraded to Fedora 24. The IP address appears to belong to SoftLayer, which I believe was purchased by IBM? My system is a test box running KVM that only connects to the internet to receive updates. Anyone ever seen anything like this before?
25th April 2017, 01:52 PM
morshead
Registered User
Join Date: Apr 2017
Location: Adelaide
Posts: 1
Re: Possible nefarious activity on my KVM box

SoftLayer is used by Private Internet Access, so it could be someone using a VPN?

I use Private Internet Access and my ISP is seen as SoftLayer Technologies.

I'm not sure if this is specific to Australia, but PIA does use SoftLayer, so I'm guessing it could be a VPN?