If you have no known ftp activity occurring but there are ftp packets being
sent to and from your machine, there is only one conclusion I can reach.
Your machine has been cracked and you are being used by someone else.
If all you have running is a telnet window, then there should be NO
activity on that link.
Jim Wildman
[EMAIL PROTECTED]
On Thu, 23 Sep 1999, Tom Reinertson wrote:
> Note: no intentional internet activity from me. Netscape is not
> running, no ftp, etc. Just one terminal window. I'm not running smtp,
> innd or any type of mail/news server.
>
> -------------- output of tcpdump -ai ppp0
> ----------------------
> 17:21:51.923328 216.33.199.119.ftp > Odialup194.slkc.uswest.net.61309: P
> 710:795(85) ack 356 win 8304 (DF)
This is part of an ftp exchange between the 216.x.x.x machine and
the dialup machine. Maybe part of a login sequence, but it is in
response to something the dialup machine started. The ftp link has
already been established between a high, unprivileged port on the dialup
and the ftp port on the 216.x.x.x machine.
> 17:21:51.933324 216.33.199.119.ftp-data >
> Odialup194.slkc.uswest.net.61315: S 461442616:461442616(0) win 8192 <mss
> 1460> (DF)
Here comes some data.
etc....
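
The reading given above, as an added Python example that is not part of the original message: it classifies text-format tcpdump lines by FTP role from the local machine's point of view. The function names and category labels are illustrative assumptions; the sample lines are the two packets quoted above with the mail wrapping undone.

```python
import re

# Old-style tcpdump text line: "time src.port > dst.port: flags ..."
LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) "
    r"(?P<src>\S+)\.(?P<sport>[^.\s]+) > "
    r"(?P<dst>\S+)\.(?P<dport>[^.\s:]+): "
    r"(?P<flags>[SFPRWE.]+) "
)
FTP_CONTROL = {"ftp", "21"}
FTP_DATA = {"ftp-data", "20"}

# The two packets quoted in the message, with the mail line-wrapping undone.
CAPTURE = [
    "17:21:51.923328 216.33.199.119.ftp > Odialup194.slkc.uswest.net.61309: "
    "P 710:795(85) ack 356 win 8304 (DF)",
    "17:21:51.933324 216.33.199.119.ftp-data > Odialup194.slkc.uswest.net.61315: "
    "S 461442616:461442616(0) win 8192 <mss 1460> (DF)",
]

def classify(line, local_host):
    """Return (kind, remote_host, local_port) when local_host is acting as an
    FTP client in this packet, else None. Labels are illustrative."""
    m = LINE.match(line)
    if not m:
        return None
    src, sport, dst, dport, flags = m.group("src", "sport", "dst", "dport", "flags")
    if local_host not in (src, dst):
        return None
    inbound = dst == local_host
    remote, rport, lport = (src, sport, dport) if inbound else (dst, dport, sport)
    if rport in FTP_CONTROL:
        # A reply from the server's ftp port means a control session already
        # exists, i.e. something on the local machine opened it.
        if inbound:
            kind = "control-reply"
        else:
            kind = "control-open" if flags == "S" else "control-request"
    elif rport in FTP_DATA:
        # Inbound SYN from ftp-data: the server dialling back to a port the
        # local client announced (active-mode transfer starting).
        kind = "active-data-open" if inbound and flags == "S" else "data"
    else:
        return None
    return (kind, remote, lport)

def ftp_findings(lines, local_host):
    """Classify every line and keep only the FTP client-role hits."""
    return [hit for hit in (classify(l, local_host) for l in lines) if hit]
```

Any non-empty result on a machine with no FTP client knowingly running is the situation described in the message.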