Since I put my new Centos box on the net, it frequently tr1es to make ftp contact with IP address 64.90.181.77 .
Why is this, and does anyone recognize this IP address? Is it spyware?
Mike.
Hi,
On Fri, Oct 10, 2008 at 10:06, Mike -- EMAIL IGNORED m_d_berger_1900@yahoo.com wrote:
Since I put my new Centos box on the net, it frequently tr1es to make ftp contact with IP address 64.90.181.77 .
This is a CentOS repository mirror: http://mirror.nyi.net/centos/
Your box is connecting to that site to get security updates. If it's doing that without you knowing, it's probably because yum is configured to do that automatically in cron.
HTH, Filipe
On Fri, 10 Oct 2008 17:03:41 +0200, Ralph Angenendt wrote:
[...]
Or it's yum-updatesd in action.
Ralph
[...]
It looks like this is it; I shut it down. I don't remember being offered a choice about this on install; maybe I didn't recognize it. I would think it should be made obvious.
Is there any other automatic Internet activity in Centos?
Thanks, Mike.
On Oct 10, 2008, at 11:17 AM, Mike -- EMAIL IGNORED wrote:
Is there any other automatic Internet activity in Centos?
ntpd, possibly, if you set it up during firstboot without realizing.
-steve
-- If this were played upon a stage now, I could condemn it as an improbable fiction. - Fabian, Twelfth Night, III,v
On Fri, Oct 10, 2008 at 12:07, Mike -- EMAIL IGNORED m_d_berger_1900@yahoo.com wrote:
Good luck with the wonderful surprises you will have to deal with if your machine gets compromised while running unpatched vulnerable software.
Filipe
on 10-10-2008 9:52 AM Filipe Brandenburger spake the following:
He didn't say he wasn't going to update, he just said he wants to do it on his schedule. Nothing wrong with that. As a matter of fact, it is more proper to update when you have tested on an enterprise system.
On Fri, 10 Oct 2008 11:27:45 -0400, Toby Bluhm wrote:
Is there a reason why you don't want your machine updated?
On Fri, Oct 10, 2008 at 12:07, Mike -- EMAIL IGNORED wrote:
Yes indeed! [...]
On Fri, Oct 10, 2008 at 14:42, Scott Silva ssilva@sgvwater.com wrote:
He didn't say he wasn't going to update,
Yes, he did! :-)
Agreed, in particular with updates that bump a release (5.1 -> 5.2), I also do it manually and not automatically.
However, nowadays I consider updating the system and applying security patches an essential part of the sysadmin role in a Linux environment.
Filipe
on 10-10-2008 12:59 PM Filipe Brandenburger spake the following:
But if you cron yum, it can't tell if it is a normal update or a major release. Better to monitor the announce list and apply updates at the quickest convenience. I will usually yum update --downloadonly when I am there, and then I can script an update after hours and send a confirming e-mail to my blackberry when it is done. Or I can watch it since the download is usually most of the session time. I have a few less critical systems on auto-update like the 2 servers stuffed with drives as rsync targets. They can be offline for a day if something happens, but the mailservers and the fileservers need to be up EVERY day during business hours or I get unhappy exec's calling me.
Hi,
On Fri, Oct 10, 2008 at 17:11, Scott Silva ssilva@sgvwater.com wrote:
But if you cron yum, it can't tell if it is a normal update or a major release.
See my other e-mail on the other thread about setting up a repository mirror. If you do that, *you* control if 5 is 5.1, 5.2 or 5.3 (when it's out). Then you can choose to apply all security fixes automatically (say, weekly?) and still control when your machines are moving from one minor release to the next.
HTH, Filipe
On Fri, 10 Oct 2008 15:59:35 -0400, Filipe Brandenburger wrote:
I quote from a previous post by me on this thread:
"I do updates, but at times of my choice, and I watch what I get."
The reason I am moving from Fedora to Centos is that on a Fedora news group I mentioned that I am interested in reliability and stability. A respondent suggested that in that case, I would be better off with Centos, since Fedora experiments with the latest and greatest, and therefore takes chances that would not be appropriate in an enterprise context. Automatic updates are inconsistent with my objective.
I like to comment on my past employment years ago with a large company whose name you would recognize. I maintained control systems whose failure would cost dollars quickly counted in the millions, and could potentially endanger human life. The operating systems on these machines were well understood and long obsolete. A suggestion that they be upgraded would be met with a blank stare. I believe that the implementation of automatic updates would have resulted in dismissal. ):
Mike.
It returns to
class-name organization id NYIC-64.90.160.0/19 auth-area 64.90.160.0/19 org-name NEWYORKINT-64.90 organization New York Internet (NYI) street-address 20 Exchange Pl, 21st Floor city New York state NY postal-code 10005 country-code US phone (212)-269-1999 tech-email jon@nyi.net created 20080704 updated 20080704
Any one you know??
john
Mike -- EMAIL IGNORED wrote:
Its a Data Center in NY City... I bet yum update is there... http://www.nyi.net/
Frank
Mike -- EMAIL IGNORED wrote:
-
Filipe Brandenburger -
Franklin S Weren -
John Plemons -
Mike -- EMAIL IGNORED -
Ralph Angenendt -
Scott Silva -
Steve Huff -
Toby Bluhm