Hi I got in to some trouble, I hope you will be able to help me to slove them or understand what is going on,
Today I been playing with ip_contract and I discover few lines which are suspicus.... My network is 1 PC- Windows -ip 192.168.253.10 2 My Laptop ( Debian ) -ip 192.168.253.20 3 PC Router (Debian ) -ip 192.168.253.254 Gateway is set up to 192.168.254 I done cat /proc/net/ip_conntrack and I saw this tcp 6 360329 ESTABLISHED src=64.156.26.17 dst=10.16.33.213 sport=80 dport=1544 [UNREPLIED] src=10.16.33.213 dst=64.156.26.17 sport=1544 dport=80 use=1 If you can see the src is ip is non of my IP, how is that possible? is it part of the connection? which was initializated by one of my boxes? then didn't get replay? why there is no any of my local IP? How they get to my logs???????? any sugestion will be greate help I put some log from my router Tom [EMAIL PROTECTED]:~$ cat /proc/net/ip_conntrack tcp 6 431990 ESTABLISHED src=192.168.253.10 dst=192.168.253.254 sport=1026 dport=139 src=192.168.253.254 dst=192.168.253.10 sport=139 dport=1026 [ASSURED] use=1 ------------------------------------------------------------------- tcp 6 431999 ESTABLISHED src=192.168.253.20 dst=192.168.253.254 sport=33043 dport=22 src=192.168.253.254 dst=192.168.253.20 sport=22 dport=33043 [ASSURED] use=1 ------------------------------------------------------------------- tcp 6 360329 ESTABLISHED src=64.156.26.17 dst=10.16.33.213 sport=80 dport=1544 [UNREPLIED] src=10.16.33.213 dst=64.156.26.17 sport=1544 dport=80 use=1 ------------------------------------------------------------------- tcp 6 360315 ESTABLISHED src=130.88.203.42 dst=10.16.33.213 sport=58936 dport=1524 [UNREPLIED] src=10.16.33.213 dst=130.88.203.42 sport=1524 dport=58936 use=1 ------------------------------------------------------------------- tcp 6 266966 ESTABLISHED src=192.168.253.10 dst=212.85.101.1 sport=1626 dport=80 [UNREPLIED] src=212.85.101.1 dst=10.16.33.213 sport=80 dport=1626 use=1 ------------------------------------------------------------------ tcp 6 360301 ESTABLISHED src=65.89.218.99 dst=10.16.33.213 sport=80 dport=1527 [UNREPLIED] src=10.16.33.213 dst=65.89.218.99 sport=1527 dport=80 use=1 ------------------------------------------------------------------ tcp 6 431971 ESTABLISHED src=192.168.253.10 dst=64.12.25.71 sport=1093 dport=5190 src=64.12.25.71 dst=10.16.33.213 sport=5190 dport=1093 [ASSURED] use=1 ----------------------------------------------------------------- tcp 6 431999 ESTABLISHED src=192.168.253.10 dst=213.186.65.98 sport=1073 dport=554 src=213.186.65.98 dst=10.16.33.213 sport=554 dport=1073 [ASSURED] use=1 ----------------------------------------------------------------- tcp 6 360301 ESTABLISHED src=213.241.20.165 dst=10.16.33.213 sport=80 dport=1515 [UNREPLIED] src=10.16.33.213 dst=213.241.20.165 sport=1515 dport=80 use=1 ----------------------------------------------------------------- tcp 6 358771 ESTABLISHED src=192.168.253.20 dst=195.235.97.200 sport=1279 dport=80 src=195.235.97.200 dst=10.16.33.213 sport=80 dport=1279 [ASSURED] use=1 ----------------------------------------------------------------- tcp 6 266950 ESTABLISHED src=192.168.253.10 dst=212.85.97.169 sport=1590 dport=80 [UNREPLIED] src=212.85.97.169 dst=10.16.33.213 sport=80 dport=1590 use=1 ----------------------------------------------------------------- [EMAIL PROTECTED]:~$ watch cat /proc/net/ip_conntrack Type Bits/KeyID Date User ID pub 1024/0B22D0E1 2001/09/23 Tom Breza <[EMAIL PROTECTED]> -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6.3ia mQCNAzuuMNoAAAEEAOa8EvOztpYuHXxwb/NZVjDmXbutOK6wqF29SAnoXkiHB0ta fGrNgcPPJoryN+291o4nxMWE2fCYNuArS8+0m9zMA5829QV2lSkkbrRXR2LLVYc4 1bpubOom2DD2Qi+kHHYEFHdczavFxfGeQgbDCceF7uM3G5lGMxGsydsLItDhAAUR tCNUb20gQnJlemEgPFRvbUBQQ1NlcnZpY2UtTkVULmNvLnVrPokAlQMFEDuuMNoR rMnbCyLQ4QEBMA4EALUdA5IKzjSNVlVtRbpuuhZc4pf1qJuDn0bdSIg9vPmadXNS uoqZn5UY8inYgx06y2RwsAf2o7ncyC33mf7cmcQ3Z6g9mfvHXPC+azfbb+RLc5be pE3qYm1zvfQzzFT+Z4U1YvuNNfmASBsANo1ulR3rAYqKKtBMkwC1hFEysXlN =dZ9o -----END PGP PUBLIC KEY BLOCK-----
