On Sun, 5 Feb 2006 20:51:26 -0400 BTP <smokefat@gmail.com> wrote:

> Hi All,
>
> I have encountered something different in my /var/log/snort/alert
> logs, and I am curious where on my system I can find further traces of
> this strange activity.
>
> First off, I noticed entries such as the following when I did a grep
> in my snort alert logs:
> ...
> 02/03-21:43:16.160972 192.168.1.102:32813 -> 62.4.17.14:21
> 02/03-21:59:07.780078 72.14.207.104:80 -> 192.168.1.102:32834
> ...
> 02/04-13:48:12.098337 192.168.1.103:32806 -> 72.14.205.83:80
> 02/04-17:39:16.682634 212.190.72.70:80 -> 192.168.1.103:32941
> 02/04-18:22:05.951133 192.168.1.103 -> 142.167.182.55
> 02/04-18:22:10.594090 192.168.1.103:61005 -> 142.167.182.55:705
> ..
>
> I don't know where the "192.168.1.102, 192.168.1.103" came from,
> because I only have two computers hooked up to my blue Linksys DSL
> router, whose IP addresses are constantly bound to 192.168.1.100 and
> 192.168.1.101 by DHCP. I checked the logs of both systems to check if
> they bound to this 102/103 address before, and never. These two
> computers cannot see each other, they just use the router to share the
> net.
>
> Realizing this is not a networking problems mailing list, I am curious
> where on the Debian system I could further find traces of this IP if
> it is actually valid for my networking setup.

Have you looked at the router's config to see what it has in its DHCP
clients? Is this thing wireless and cracked?

A

>
> Bart
>
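A sensor-side complement to the router check suggested in the reply, as an added example that is not part of the original thread: it parses alert lines in the format quoted above and lists LAN addresses outside the known DHCP clients, with first and last timestamps and the remote peers seen. The 192.168.1.0/24 network and the function name `unknown_lan_hosts` are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Assumptions from the post: a 192.168.1.0/24 LAN and two known DHCP clients.
LAN = ipaddress.ip_network("192.168.1.0/24")
KNOWN_HOSTS = {ipaddress.ip_address(a) for a in ("192.168.1.100", "192.168.1.101")}

# Matches the "timestamp src[:port] -> dst[:port]" lines quoted in the post.
LINE_RE = re.compile(
    r"(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})(?::(?P<dport>\d+))?"
)

# Alert lines as quoted in the post (one "..." elision kept to show skipping).
SAMPLE = """\
02/03-21:43:16.160972 192.168.1.102:32813 -> 62.4.17.14:21
02/03-21:59:07.780078 72.14.207.104:80 -> 192.168.1.102:32834
...
02/04-13:48:12.098337 192.168.1.103:32806 -> 72.14.205.83:80
02/04-17:39:16.682634 212.190.72.70:80 -> 192.168.1.103:32941
02/04-18:22:05.951133 192.168.1.103 -> 142.167.182.55
02/04-18:22:10.594090 192.168.1.103:61005 -> 142.167.182.55:705
"""

def unknown_lan_hosts(text, lan=LAN, known=KNOWN_HOSTS):
    """Map each LAN address not in `known` to its first/last timestamp and peers."""
    seen = defaultdict(lambda: {"first": None, "last": None, "peers": set()})
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # elisions and other non-alert lines
        try:
            src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
        except ValueError:
            continue  # octet out of range, not a real address
        # Check both directions: the unknown host may be source or destination.
        for local, remote, rport in ((src, dst, m["dport"]), (dst, src, m["sport"])):
            if local in lan and local not in known:
                rec = seen[str(local)]
                rec["first"] = rec["first"] or m["ts"]  # file order; no year in log
                rec["last"] = m["ts"]
                rec["peers"].add(f"{remote}:{rport}" if rport else str(remote))
    return dict(seen)

if __name__ == "__main__":
    for ip, rec in sorted(unknown_lan_hosts(SAMPLE).items()):
        print(ip, rec["first"], "->", rec["last"], sorted(rec["peers"]))
```

The time window reported per address is what to compare against the router's DHCP client table and the local hosts' own lease logs.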