Thanks for the help, Jeff.
[EMAIL PROTECTED] wrote:
>
> On Wed, 13 Jun 2001, Cam Ellison wrote:
>
<snip>
>
> Looks like it.
>
> > >
> > >
> > > ------------------------------------------------------------------------
> > >
> > > Jun 13 16:44:28 treehouse kernel: Packet log: eth-in DENY eth1
> > > PROTO=17 192.168.177.11:67 255.255.255.255:68 L=328 S=0x00 I=48460
> > > F=0x0000 T=128 (#1)
>
> This is a dhcp reply (bootp). In isolation, nothing to worry about, but
> when you consider the source address is private, it starts to look kind of
> weird...
I agree. I am running dhcp, of course, but the client, not the server.
Should I assume that someone has been messing around in my machine, and
that the other host is trying to re-establish connection?
>
> > > Jun 13 17:08:47 treehouse kernel: Packet log: eth-in DENY eth1
> > > PROTO=17 192.168.0.1:5005 255.255.255.255:5005 L=44 S=0x00 I=27137
> > > F=0x0000 T=128 (#1)
>
> ... and this is an odd one... broadcast to 5005... examine the output of
> "netstat -ua" to see if treehouse would have responded to this, and use
> "lsof -i :5005" to find out which process(es) is(are) handling that port.
>
Nothing is using that port. Netstat indicates the following processes:
netbios-dgm
netbios-ns
ntalk
talk
discard
sunrpc
I know I did not install talk deliberately, and assume it was installed
by the distribution I use [Debian as repackaged by Libranet]. I cannot
see that it would have anything to do with this, however -- or am I
wrong in assuming that?
I did not have lsof on the system, so had to download and install it. I
think we can assume it is clean. It indicates that the only specific
ports are 6000 and 7101.
There are some other odd ports in the syslog entries: 1052, 3008, 3033,
3829. None of these have any referents in /etc/services.
<snip>
>
> The fact that these are not directed at your ip address in particular is a
> little comforting, but someone is playing strange games.
>
Clearly. What I am still unclear about is whether this means someone is
trying to get access to my system, or more importantly, has succeeded.
What else should I look at?
Cam
--
Cam Ellison Ph.D. R.Psych.
From Roberts Creek on B.C.'s incomparable Sunshine Coast
[EMAIL PROTECTED]
[EMAIL PROTECTED]
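
Added example, not part of the original message: a small Python parser for the ipchains "Packet log" lines quoted in the thread, which decodes each field and tags the traits discussed above (private source address, limited-broadcast destination, DHCP server-to-client ports). The function names and tag strings are hypothetical; the sample input is the two quoted entries rejoined onto single lines.

```python
import ipaddress
import re

# Constructed sample input: the two syslog entries quoted in the thread,
# each rejoined onto one line.
SAMPLE_LOG = """\
Jun 13 16:44:28 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.177.11:67 255.255.255.255:68 L=328 S=0x00 I=48460 F=0x0000 T=128 (#1)
Jun 13 17:08:47 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.0.1:5005 255.255.255.255:5005 L=44 S=0x00 I=27137 F=0x0000 T=128 (#1)
"""

# ipchains log layout: chain, action, interface, IP protocol number,
# src:port, dst:port, L=length, S=TOS, I=IP id, F=frag flags/offset,
# T=TTL, and (on later kernels) the matching rule number.
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?: \(#(?P<rule>\d+)\))?"
)

def parse_line(line):
    """Return a dict of decoded fields, or None if the line is not a packet log."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ip_id", "ttl"):
        rec[key] = int(rec[key])
    return rec

def triage(rec):
    """Tag the traits a reviewer would check first (tag names are hypothetical)."""
    notes = []
    if ipaddress.ip_address(rec["src"]).is_private:
        notes.append("private-source")        # RFC 1918 address seen on eth1
    if rec["dst"] == "255.255.255.255":
        notes.append("limited-broadcast")     # not aimed at this host specifically
    if rec["proto"] == 17 and (rec["sport"], rec["dport"]) == (67, 68):
        notes.append("dhcp-server-reply")     # UDP 67 -> 68 is server-to-client
    return notes

def summarize(log_text):
    """Return (source, destination port, tags) for every packet-log line."""
    recs = (parse_line(line) for line in log_text.splitlines())
    return [(r["src"], r["dport"], triage(r)) for r in recs if r]

if __name__ == "__main__":
    for row in summarize(SAMPLE_LOG):
        print(row)
```

Packets sent to 255.255.255.255 are not forwarded by routers, so both tagged senders are on the same layer-2 segment as eth1.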