network traffic at the slug
Hello,
I installed net-acct yesterday at the slug with the same configuration as at the x86-pc.
But it accounts much more traffic than the pc although I did work at the pc.
So I looked in the logs and it looks strange for me, there are entries like these:
1221145815 6 192.6.144.43 512 192.168.0.5 5854 4096 eth0 unknown
1221145815 6 192.6.34.1 1502 192.168.0.2 22784 4096 eth0 unknown
1221145815 6 192.6.144.172 512 192.168.0.5 5854 4096 eth0 unknown
1221145815 6 192.6.34.2 1502 192.168.0.2 22784 4096 eth0 unknown
1221145815 6 192.6.144.157 512 192.168.0.5 5854 4096 eth0 unknown
1221145875 17 192.17.183.170 65280 192.168.0.2 35328 0 eth0 unknown
1221145875 1 192.1.180.190 3 192.168.0.1 3 0 eth0 unknown
1221145875 17 192.17.161.95 1293 192.168.0.1 23296 0 eth0 unknown
1221145875 6 192.6.186.229 512 192.168.0.5 20685 0 eth0 unknown
1221145875 6 192.6.148.253 1485 192.168.0.2 39168 1 eth0 unknown
1221145875 6 192.6.150.151 1485 192.168.0.2 39168 0 eth0 unknown
1221145875 6 192.6.150.144 1485 192.168.0.2 39168 0 eth0 unknown
1221145875 6 192.6.173.1 1283 192.168.0.2 42504 0 eth0 unknown
1221145875 6 192.6.140.218 520 192.168.0.5 259 0 eth0 unknown
1221145875 6 192.6.172.106 1283 192.168.0.2 42504 0 eth0 unknown
1221145875 6 192.6.173.3 1283 192.168.0.2 42504 0 eth0 unknown
Many source adresses start with 192.6. but iptraf shows nothing in this range.
The slug is behind a router with firewalling and also I installed shorewall, both of them
are not showing any information, that an attack from the outside is running.
There are also packages with a size of 0 bytes. Is this possible?
Maybe this is not a armel specific bug, but I want to start here, to see if I can exclude it.
The net-acctd version at the pc is 0.71-7, the one at the armel box 0.71-8.
Regards Michael
Reply to: