Tom Reinertson wrote:
> Jim,
>
> > If you have no known ftp activity occuring but there are ftp packets being
> > sent to and from your machine, there is only one conclusion I can reach.
> > Your machine has been cracked and your are being used by someone else.
>
> Well, that was my first impression, but from what limited knowledge I have of
> TCP, it seems that all the packets listed by tcpdump have a source address
> and destination address that does not include my machine. It's as if I'm
> just watching traffic between two different machines go by.
>
Tom,
Do you happen to be running IP Masquerading? The port numbers look like they are
coming from a masqueraded machine. Another possibility, although very unlikely,
is that your ISP has its terminal server setup in such a way that it is on a
shared media segment. You might then see traffic from others that are logged
in. What is the subnet mask on your ppp0 interface when you are logged in? It
probably should be something like 255.255.255.252. I just checked mine and it
was 255.255.255.255 when diald initiated the connection and 255.255.255.252 when
I used the script I wrote when I first signed up with my ISP. I added the
"netmask 255.255.255.252" option to my diald.conf file.
Bob...
--
--------------------------------------------------------
Bob Chiodini [EMAIL PROTECTED]
--------------------------------------------------------
-
To unsubscribe from this list: send the line "unsubscribe linux-diald" in
the body of a message to [EMAIL PROTECTED]
