Metasploit mailing list archives

slightly off topic but pertinent


From: Chip <jeffschips () gmail com>
Date: Tue, 22 Nov 2011 12:53:44 -0500

I traditionally run a network sniffer on my network to see what's up. I've been noticing lately that Kaspersky AV is reporting back to home using a protocol called sebek. From what I can gather sebek is a client/server protocol/setup whereby a client (perhaps a pc) has installed a piece of software that communicates with a server (Kaspersky?) using the sebek protocol. If you read up on it, it seems to be a protocol that will replay back on the server the processes and activities of a user.

According to the paper in the link provided below, it is a kernel based data capture tool.

I find it suspicious and unsettling that Kaspersky has installed this on some of my lab's pcs.

Any feedback or information on what this really does/is would be greatly appreciated.

Especially on how to block it using iptables.

Thanks.

http://old.honeynet.org/papers/sebek.pdf
_______________________________________________
https://mail.metasploit.com/mailman/listinfo/framework
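A defender-side check for the traffic described above, added here as an example and not part of the original post or of Sebek itself: it decodes UDP payloads as Sebek v3 records so a sniffer can confirm whether packets really are Sebek before anyone reaches for an iptables rule. The header layout and type codes are assumed from the Honeynet Project's Sebek v3 client source, and the magic value and sample packets are constructed.

```python
import struct

# Sebek v3 record header (assumed from the Honeynet Project's Sebek v3 client
# source): all fields big-endian, 56 bytes, followed by `length` bytes of data.
SEBEK_V3_HDR = struct.Struct("!IHHIIIIIIII12sI")
SEBEK_TYPES = {0: "read", 1: "write", 2: "socket", 3: "open"}  # assumed type codes


def parse_sebek_record(payload: bytes, magic: int):
    """Decode one UDP payload as a Sebek v3 record, or return None."""
    # Only label traffic as Sebek when magic matches, version is 3 and the
    # declared data length actually fits inside the datagram.
    if len(payload) < SEBEK_V3_HDR.size:
        return None
    (pkt_magic, ver, rtype, counter, secs, usecs, ppid, pid, uid,
     fd, inode, com, length) = SEBEK_V3_HDR.unpack_from(payload)
    data = payload[SEBEK_V3_HDR.size:SEBEK_V3_HDR.size + length]
    if pkt_magic != magic or ver != 3 or len(data) != length:
        return None
    return {"type": SEBEK_TYPES.get(rtype, f"unknown({rtype})"), "counter": counter,
            "time": secs + usecs / 1e6, "ppid": ppid, "pid": pid, "uid": uid,
            "fd": fd, "inode": inode, "data": data,
            "command": com.split(b"\x00", 1)[0].decode("ascii", "replace")}


def build_sebek_record(magic: int, rtype: int, pid: int, uid: int,
                       command: str, data: bytes, counter: int = 1) -> bytes:
    """Constructed sample record so the parser can be exercised offline."""
    com = command.encode()[:12].ljust(12, b"\x00")
    hdr = SEBEK_V3_HDR.pack(magic, 3, rtype, counter, 1321984424, 0,
                            1, pid, uid, 0, 0, com, len(data))
    return hdr + data


def summarize_capture(payloads, magic: int) -> list:
    """Replay what a Sebek server would see: one line per decoded record."""
    lines = []
    for p in payloads:
        rec = parse_sebek_record(p, magic)
        if rec is not None:
            lines.append(f"pid={rec['pid']} uid={rec['uid']} {rec['command']} "
                         f"{rec['type']}: {rec['data']!r}")
    return lines


if __name__ == "__main__":
    MAGIC = 0xD0D0D0D0  # constructed; a real install picks its own magic value
    capture = [build_sebek_record(MAGIC, 0, 4242, 1000, "bash", b"ls -la\n"),
               b"not a sebek packet at all",
               build_sebek_record(0xCAFEBABE, 0, 4242, 1000, "bash", b"bad magic")]
    print("\n".join(summarize_capture(capture, MAGIC)))
```

Feed it the UDP payloads your sniffer captured and compare the decoded commands against what was actually typed on the client; a match is the evidence the post is looking for.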

