What this really looks like is you have some sort of spyware on one of the machines in your network. Check your windows boxes with Adaware - looks like they are downloading adds etc.
dave ----- Original Message ----- From: "Peter Vogel" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, February 03, 2003 9:42 AM Subject: [SLUG] Unexplained traffic > Thank you to those who provided useful suggestions for firewall > configuration tools. I seem to have that sorted now. > > However I find that I receive about 20mb/day of traffic that I can't > account for. > > I do get "Possible syn flood" messages a few times a day. Could that add > up to megabytes? > > I also have unsucessful access attempts to apache every few seconds. > > Here is a typical couple of munites from my log: > > 217.84.6.34 - - [03/Feb/2003:08:20:38 +1100] "GET http://www.freemobiletunes.com/cgi-bin/arp/rankem.cgi?action=in&id=chartz HTTP/1.0" 404 1341 "http://www.8ung.at/smartlogo/ringtones.htm"; "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)" > 24.29.148.128 - - [03/Feb/2003:08:20:52 +1100] "GET http://www.adpowerzone.com/scripts/diatok.js HTTP/1.0" 404 1225 "http://www.geocities.com/bassw20/index.html"; "Mozilla/4.0 (compatible; MSIE 5.02; Windows 98)" > 217.227.90.195 - - [03/Feb/2003:08:21:06 +1100] "GET http://www.gsmsitez.net/cgi-bin/topsites/topsites.cgi?larsi HTTP/1.1" 404 1286 "http://www.logotown.de"; "Mozilla/4.5 [fr] (Win95; I)" > 217.227.90.195 - - [03/Feb/2003:08:21:33 +1100] "GET http://utop.net/cgi-bin/utop.cgi?ID=/150 HTTP/1.1" 404 1172 "http://www.logotown.de"; "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)" > 62.195.81.215 - - [03/Feb/2003:08:22:55 +1100] "GET http://www.leadhound.com/show2.php?id=9236&bid=23967 HTTP/1.1" 404 1181 "http://www.mp3rock.com"; "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)" > 62.195.81.215 - - [03/Feb/2003:08:24:30 +1100] "GET http://banners.webmasterplan.com/view.asp?site=2358&ref=146341&b=2 HTTP/1.1" 404 1201 "http://www.die-80er-jahre.de"; "Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)" > 62.195.81.215 - - [03/Feb/2003:08:24:50 +1100] "GET http://www.leadhound.com/show2.php?id=9449&bid=24968 HTTP/1.1" 404 1183 "http://www.rapworld.com"; "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)" > 62.195.81.215 - - [03/Feb/2003:08:26:12 +1100] "GET http://www.leadhound.com/show2.php?id=9236&bid=23966 HTTP/1.0" 404 1181 "http://www.mp3rock.com"; "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)" > 62.131.12.251 - - [03/Feb/2003:08:26:50 +1100] "GET http://www.1-click-clipart.com/bin/rankem.cgi?action=in&id=1cool HTTP/1.1" 404 1213 "http://www.top20cool.com/index.html"; "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98)" > 62.195.81.215 - - [03/Feb/2003:08:27:16 +1100] "GET http://banners.webmasterplan.com/view.asp?site=2306&ref=145686&b=3 HTTP/1.0" 404 1193 "http://www.myownmusic.de"; "Mozilla/4.0 (compatible; MSIE 4.01; Windows 98)" > > Any ideas what the cause of this is and can I stop it?? > > Thanks > > Peter > -- > SLUG - Sydney Linux User's Group - http://slug.org.au/ > More Info: http://lists.slug.org.au/listinfo/slug > -- SLUG - Sydney Linux User's Group - http://slug.org.au/ More Info: http://lists.slug.org.au/listinfo/slug
