Re: Weird Incoming IP's and port numbers.

[Hugo van der Kooij <hvdkooij () vanderkooij org>]

On Sun, 26 Aug 2001, West P. wrote:

> I'm using @home internet cable.  I have the linksys cable router + 4 port
> switch.  This splits the connection to 3 computers in the house.  DHCP is
> turned off.  The Internal IPs are 192.168.1.x  (2,3,4)... Over the past day
> I received a couple of weird INCOMING entries in the log.
>
> DATE           TIME        SCR       SCR_PORT      DEST         DEST_PORT
> 08/25/2001 13:24:52  192.168.1.8      80          <my ip address>      3976
> 08/25/2001 19:04:42  192.168.1.16    80         <my ip address>       4319
> 08/25/2001 23:25:38  192.168.1.9      80          <my ip address>      4450

My guess is that someone in your neighborhood is leaking out these
packets. Quite likely because someone is being used as amplifier.

Hugo.

-- 
All email send to me is bound to the rules described on my homepage.
    hvdkooij () vanderkooij org         http://hvdkooij.xs4all.nl/
            Don't meddle in the affairs of sysadmins,
            for they are subtle and quick to anger.


----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com