Hi,
I have a machine connected to the Internet and I was looking at tcpdump
outputs today and started seeing some real weird shit. All this activity
on the network from strange IP addresses and domains.
Here are some snippets from the output, can anybody tell what is going on
here??
My machine is grape.mycompany.ie and its IP is 195.4.33.51, my ISP is
tinet.ie...
889 win 16060 (DF)
12:58:50.670000 adultx.net.www > grape.mycompany.ie.12338: . 19296:20756(1460) ack 940 win 8760 (DF)
12:58:50.680000 202.96.191.37.2043 > 195.4.33.51.3128: . ack 32121 win 8760 (DF)
12:58:50.760000 adultx.net.www > grape.mycompany.ie.12347: P 18125:18713(588) ack 334 win 8760 (DF)
12:58:50.770000 grape.mycompany.ie.12347 > adultx.net.www: . ack 18713 win 16060 (DF)
12:58:50.840000 adultx.net.www > grape.mycompany.ie.12338: P 20756:21344(588) ack 940 win 8760 (DF)
12:58:50.850000 grape.mycompany.ie.12338 > adultx.net.www: . ack 21344 win 16060 (DF)
13:06:31.600000 202.103.14.40.www > 195.4.33.51.12035: F 124:124(0) ack 496 win 8265 (DF)
13:06:31.600000 195.4.33.51.12035 > 202.103.14.40.www: . ack 125 win 16060 (DF)
13:06:31.600000 195.4.33.51.12035 > 202.103.14.40.www: F 496:496(0) ack 125 win 16060
13:06:31.610000 195.4.33.51.3128 > 202.96.191.37.2336: F 124:124(0) ack 441 win 16368
13:06:31.710000 202.96.191.37.2337 > 195.4.33.51.3128: . ack 1 win 8760 (DF)
13:06:31.760000 202.96.191.37.2337 > 195.4.33.51.3128: P 1:350(349) ack 1 win 8760 (DF)
13:06:31.760000 195.4.33.51.12098 > 202.103.14.40.www: S 3440522565:3440522565(0) win 512 <mss 1460>
13:06:31.780000 195.4.33.51.3128 > 202.96.191.37.2337: . ack 350 win 16368 (DF)
13:06:31.800000 195.4.33.51.11847 > 24.113.36.112.www: . ack 9491 win 16060 (DF)
13:06:31.950000 24.113.36.112.www > 195.4.33.51.11847: . 9491:10951(1460) ack 418 win 8343 (DF)
13:06:32.140000 24.113.36.112.www > 195.4.33.51.11847: . 10951:12411(1460) ack 418 win 8343 (DF)
13:06:32.150000 195.4.33.51.11847 > 24.113.36.112.www: . ack 12411 win 16060 (DF)
:08:04.790000 195.4.33.51.3128 > 202.96.191.37.2351: . ack 469 win 16368 (DF)
13:08:06.650000 grape.mycompany.ie.1755 > ns1.tinet.ie.domain: 27545+ (35)
13:08:06.790000 ns1.tinet.ie.domain > grape.mycompany.ie.1755: 27545 NXDomain* 0/1/0 (108)
13:08:06.790000 grape.mycompany.ie.1756 > ns1.tinet.ie.domain: 27546+ (43)
13:08:06.830000 ns1.tinet.ie.domain > grape.mycompany.ie.1756: 27546 NXDomain* 0/1/0 (107)
13:08:06.840000 grape.mycompany.ie.1757 > ns1.tinet.ie.domain: 44416+ (35)
13:08:06.900000 ns1.tinet.ie.domain > grape.mycompany.ie.1757: 44416 2/4/4 (229)
13:08:06.900000 grape.mycompany.ie.1758 > ns1.tinet.ie.domain: 44417+ (36)
13:08:06.970000 ns1.tinet.ie.domain > grape.mycompany.ie.1758: 44417 2/4/4 (230)
13:08:06.970000 grape.mycompany.ie.1759 > ns1.tinet.ie.domain: 44418+ (30)
13:08:07.120000 ns1.tinet.ie.domain > grape.mycompany.ie.1759: 44418* 1/5/3 (208)
13:08:09.320000 195.4.33.51.3128 > 202.96.191.37.1602: F 42710:42710(0) ack 365 win 16367
13:08:09.390000 0:50:f:c:da:c0 0:50:f:c:da:c0 loopback 60:
0000 0100 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000 0000
0000 0000 0000 0000 0000 0000 0000
13:08:09.780000 195.4.33.51.1177 > ns1.tinet.ie.domain: 53597+ (42)
13:08:13.320000 202.96.191.37.2349 > 195.4.33.51.3128: R 2080889010:2080889010(0) win 0 (DF)
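
A triage aid for a capture like the one above, added here as an example and not part of the original post: it groups tcpdump lines by which side is acting as the service, so connections arriving at a local port (here 3128, the default port of the Squid proxy) stand apart from the machine's own outbound web and DNS traffic. The function name and the server-side heuristic are assumptions of this example, and it expects only `host.port > host.port:` lines.

```python
import re
from collections import defaultdict

LOCAL = {"195.4.33.51", "grape.mycompany.ie"}  # the poster's machine, per the post

# Lines taken from the capture above, with the mail line wraps rejoined.
SAMPLE = """\
12:58:50.680000 202.96.191.37.2043 > 195.4.33.51.3128: . ack 32121 win 8760 (DF)
12:58:50.760000 adultx.net.www > grape.mycompany.ie.12347: P 18125:18713(588) ack 334 win 8760 (DF)
12:58:50.850000 grape.mycompany.ie.12338 > adultx.net.www: . ack 21344 win 16060 (DF)
13:06:31.610000 195.4.33.51.3128 > 202.96.191.37.2336: F 124:124(0) ack 441 win 16368
13:06:31.760000 202.96.191.37.2337 > 195.4.33.51.3128: P 1:350(349) ack 1 win 8760 (DF)
13:06:31.760000 195.4.33.51.12098 > 202.103.14.40.www: S 3440522565:3440522565(0) win 512 <mss 1460>
13:06:31.800000 195.4.33.51.11847 > 24.113.36.112.www: . ack 9491 win 16060 (DF)
13:08:06.650000 grape.mycompany.ie.1755 > ns1.tinet.ie.domain: 27545+ (35)
13:08:09.390000 0:50:f:c:da:c0 0:50:f:c:da:c0 loopback 60:
13:08:13.320000 202.96.191.37.2349 > 195.4.33.51.3128: R 2080889010:2080889010(0) win 0 (DF)
"""

LINE = re.compile(r"^\S+ (\S+) > (\S+):")  # timestamp, src host.port, dst host.port

def summarize(capture, local=LOCAL):
    """Return (inbound, outbound): who connects to local ports, and which
    remote services the local machine itself uses."""
    pairs = set()
    for line in capture.splitlines():
        m = LINE.match(line)
        if m:  # lines without "src > dst:" (the loopback frame) are skipped
            pairs.add(tuple(sorted(tuple(e.rsplit(".", 1)) for e in m.groups())))
    peers = defaultdict(set)  # endpoint -> distinct endpoints it exchanged packets with
    for a, b in pairs:
        peers[a].add(b)
        peers[b].add(a)
    inbound, outbound = defaultdict(set), defaultdict(set)
    for pair in pairs:
        # Assumed heuristic: the service side has more distinct peers; on a tie,
        # it is the side whose port tcpdump printed as a service name (www, domain).
        client, server = sorted(pair, key=lambda e: (len(peers[e]), not e[1].isdigit()))
        if server[0] in local:
            inbound[server[1]].add(client[0])   # remote host -> local listening port
        else:
            outbound[server].add(client[1])     # local source port -> remote service
    return dict(inbound), dict(outbound)

if __name__ == "__main__":
    for title, table in zip(("inbound", "outbound"), summarize(SAMPLE)):
        print(title, table)
```

A local port in the inbound table that was not meant to be reachable from outside is the first thing to check: which process owns it, and which addresses it accepts connections from.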