On Wednesday 12 December 2007, Allen Weiner wrote:
> On Wed, 2007-12-12 at 22:25 -0500, Chris Knadle wrote:
> > Hmm. So you're saying there's a direct link between TCP packets on
> > port 80 and UDP packets on port 137. Think about that for a minute.
> >
> > It doesn't make sense. I don't doubt that you're seeing this
> > behavior, but there's no simple way to explain it.
>
> Here's a sample of the Firestarter report of "serious events". It shows
> the one-to-one correspondence that wasn't apparent in /var/log/messages:
>
> Time:Dec 12 23:02:49 Direction: Inbound In:eth0 Out: Port:137
> Source:192.168.1.1 Destination:192.168.1.150 Length:78 TOS:0x00
> Protocol:UDP Service:Samba (SMB)
> Time:Dec 12 23:03:06 Direction: Inbound In:eth0 Out: Port:80
> Source:192.168.1.1 Destination:192.168.1.150 Length:60 TOS:0x00
> Protocol:TCP Service:HTTP
...

These messages from Firestarter and /var/log/messages are good to show that
something weird is going on, but there's not enough detail to explain why.

> > > I now have a hardcopy of the script which implements "service network
> > > start/stop/restart". The networking scripts are easier to decipher from
> > > hardcopy than from the screen. (I own an inkjet printer, a gift from a
> > > friend, but I never bought cartridges for it.). "service network stop"
> > > invokes ifdown-eth. I have the hardcopy for ifdown-eth. I can
> > > understand the Bash, but I don't understand what the code is doing.
> >
> > I'm assuming you mean that certain external programs are called and
> > that you don't know what those do.
>
> ifdown-eth tests for a lot of what appears to be special cases: 1.
> BRIDGE 2. SLAVE 3. REALDEVICE. I don't see anything in the script that
> looks like the primary function or the main body.

Detection of those special cases may be its main function.

   -- Chris

--
Chris Knadle
[EMAIL PROTECTED]
_______________________________________________
Mid-Hudson Valley Linux Users Group http://mhvlug.org
http://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug
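
Added example (not part of the original message, and not Firestarter's own code): a Python sketch that parses event lines in the format quoted above and pairs each UDP/137 event with the next TCP/80 event between the same hosts, so the reported one-to-one correspondence can be checked and timed. The field list, the 60-second window, the year 2007 and the last three sample records are assumptions made for the example.

```python
import re
from datetime import datetime

KEYS = "Time|Direction|In|Out|Port|Source|Destination|Length|TOS|Protocol|Service"
FIELD_SPLIT = re.compile(rf"\s*\b({KEYS}):")

# First two records are the ones quoted in the message; the last three are
# constructed for this example (a second pair, then a lone UDP/137 event).
SAMPLE = """\
Time:Dec 12 23:02:49 Direction: Inbound In:eth0 Out: Port:137 Source:192.168.1.1 Destination:192.168.1.150 Length:78 TOS:0x00 Protocol:UDP Service:Samba (SMB)
Time:Dec 12 23:03:06 Direction: Inbound In:eth0 Out: Port:80 Source:192.168.1.1 Destination:192.168.1.150 Length:60 TOS:0x00 Protocol:TCP Service:HTTP
Time:Dec 12 23:07:49 Direction: Inbound In:eth0 Out: Port:137 Source:192.168.1.1 Destination:192.168.1.150 Length:78 TOS:0x00 Protocol:UDP Service:Samba (SMB)
Time:Dec 12 23:08:06 Direction: Inbound In:eth0 Out: Port:80 Source:192.168.1.1 Destination:192.168.1.150 Length:60 TOS:0x00 Protocol:TCP Service:HTTP
Time:Dec 12 23:20:00 Direction: Inbound In:eth0 Out: Port:137 Source:192.168.1.23 Destination:192.168.1.150 Length:78 TOS:0x00 Protocol:UDP Service:Samba (SMB)
"""

def parse_event(line, year=2007):
    """Split one event line into a dict; values may be empty or contain spaces."""
    parts = FIELD_SPLIT.split(line.strip())
    ev = {k: v.strip() for k, v in zip(parts[1::2], parts[2::2])}
    # The log has no year field; 2007 is assumed from the date of the thread.
    ev["when"] = datetime.strptime(f"{year} {ev['Time']}", "%Y %b %d %H:%M:%S")
    return ev

def is_followup(a, b, window):
    gap = (b["when"] - a["when"]).total_seconds()
    return ((b["Protocol"], b["Port"]) == ("TCP", "80")
            and (b["Source"], b["Destination"]) == (a["Source"], a["Destination"])
            and 0 <= gap <= window)

def correlate(text, window=60):
    """Pair each UDP/137 event with its first unused TCP/80 follow-up."""
    events = sorted((parse_event(ln) for ln in text.splitlines() if ln.strip()),
                    key=lambda e: e["when"])
    used, pairs, unmatched = set(), [], []
    for i, a in enumerate(events):
        if (a["Protocol"], a["Port"]) != ("UDP", "137"):
            continue
        j = next((j for j in range(i + 1, len(events))
                  if j not in used and is_followup(a, events[j], window)), None)
        if j is None:
            unmatched.append(a["Time"])
        else:
            used.add(j)
            pairs.append((a["Time"], events[j]["Time"],
                          int((events[j]["when"] - a["when"]).total_seconds())))
    return pairs, unmatched

if __name__ == "__main__":
    print(correlate(SAMPLE))
```

A constant gap across pairs would point to a single process on the source host producing both packets; the log alone still does not say which one.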
