You're getting 'geowanked'. Your firewall appears on http://www.wigle.net/ Also reference http://lists.burri.to/pipermail/geowanking/ I prefer http://chicken.burri.to
On 06/08/04 11pm, Larry Price wrote: > I've been building a web/dns/mail server for my house > and started off by setting up firewalling > > while debugging the firewall ruleset I was running tcpdump on both the > wdm and on the (orange) workstation so that I could see both sides of > certain transactions. > > The whole setup is behind an actiontec DSL modem that does NAT and dhcp, > using the web based interface on the modem I told it that the > wdm[1] was a DMZ host and should get _all_ incoming requests. > > At this point I began to watch the packets scroll by as various worms etc. > tried to take advantage of services (ports 445 and 1026 seem to be popular > today) on vulnerable hosts. > > At this point I took a short break to read slashdot, after reading a few > linked postings I backgrounded the browser and went back to testing > connections and figuring out why things weren't yet working, > that's when I noticed something funny. > > the orange box was issuing requests to port 80 of some host out on the > internet, without my intending for it to do so. I eventually satisfied > myself that it was something in firefox, because if I killed firefox it > would stop, and then start once I reloaded that browser and page.. > > Does anyone know what might be up with the host that resolves to > http://steak.burri.to ??? > > And how can i make reasonably sure that it was (as I think) > a bit of javascript or an iFrame Meta tag, and not someone hiding a > trojan that posts my keystrokes to a snarfserver and allows bulgarian > teenagers to buy leather jackets with my bank account. > > just one of those nightmarishly annoying things that makes modern life > interesting (tm) > > [1]wdm : web, dns, mail; the alternate arrangement is right out. _______________________________________________ EUGLUG mailing list [EMAIL PROTECTED] http://www.euglug.org/mailman/listinfo/euglug
