
Help :>



Hi, I got into some trouble. I hope you will be able to help me
to solve it or understand what is going on.

Today I have been playing with ip_conntrack and I discovered a few lines
which are suspicious....
My network is:

1 PC- Windows          -ip 192.168.253.10 
2 My Laptop ( Debian ) -ip 192.168.253.20
3 PC Router (Debian )  -ip 192.168.253.254

Gateway is set up to 192.168.254

I did cat /proc/net/ip_conntrack and I saw this:

tcp      6 360329 ESTABLISHED src=64.156.26.17 dst=10.16.33.213 sport=80
dport=1544 [UNREPLIED] src=10.16.33.213 dst=64.156.26.17 sport=1544
dport=80 use=1

As you can see, the src IP is none of my IPs. How is that possible?
Is it part of a connection which was initialized by one of my boxes
and then didn't get a reply?
Why is there none of my local IPs?
How did they get into my logs????????

Any suggestion will be a great help.
I have put some logs from my router below.

Tom



tom@router:~$ cat /proc/net/ip_conntrack 
tcp      6 431990 ESTABLISHED src=192.168.253.10 dst=192.168.253.254
sport=1026 dport=139 src=192.168.253.254 dst=192.168.253.10 sport=139 
dport=1026 [ASSURED] use=1 
-------------------------------------------------------------------
tcp      6 431999 ESTABLISHED src=192.168.253.20 dst=192.168.253.254
sport=33043 dport=22 src=192.168.253.254 dst=192.168.253.20 sport=22
dport=33043 [ASSURED] use=1 
-------------------------------------------------------------------
tcp      6 360329 ESTABLISHED src=64.156.26.17 dst=10.16.33.213 sport=80
dport=1544 [UNREPLIED] src=10.16.33.213 dst=64.156.26.17 sport=1544
dport=80 use=1 
-------------------------------------------------------------------
tcp      6 360315 ESTABLISHED src=130.88.203.42 dst=10.16.33.213
sport=58936 dport=1524 [UNREPLIED] src=10.16.33.213 dst=130.88.203.42
sport=1524 dport=58936 use=1 
-------------------------------------------------------------------
tcp      6 266966 ESTABLISHED src=192.168.253.10 dst=212.85.101.1
sport=1626 dport=80 [UNREPLIED] src=212.85.101.1 dst=10.16.33.213 sport=80
dport=1626 use=1 
------------------------------------------------------------------
tcp      6 360301 ESTABLISHED src=65.89.218.99 dst=10.16.33.213 sport=80
dport=1527 [UNREPLIED] src=10.16.33.213 dst=65.89.218.99 sport=1527
dport=80 use=1 
------------------------------------------------------------------
tcp      6 431971 ESTABLISHED src=192.168.253.10 dst=64.12.25.71
sport=1093 dport=5190 src=64.12.25.71 dst=10.16.33.213 sport=5190
dport=1093 [ASSURED] use=1 
-----------------------------------------------------------------
tcp      6 431999 ESTABLISHED src=192.168.253.10 dst=213.186.65.98
sport=1073 dport=554 src=213.186.65.98 dst=10.16.33.213 sport=554
dport=1073 [ASSURED] use=1 
-----------------------------------------------------------------
tcp      6 360301 ESTABLISHED src=213.241.20.165 dst=10.16.33.213 sport=80
dport=1515 [UNREPLIED] src=10.16.33.213 dst=213.241.20.165 sport=1515
dport=80 use=1 
-----------------------------------------------------------------
tcp      6 358771 ESTABLISHED src=192.168.253.20 dst=195.235.97.200
sport=1279 dport=80 src=195.235.97.200 dst=10.16.33.213 sport=80
dport=1279 [ASSURED] use=1 
-----------------------------------------------------------------
tcp      6 266950 ESTABLISHED src=192.168.253.10 dst=212.85.97.169
sport=1590 dport=80 [UNREPLIED] src=212.85.97.169 dst=10.16.33.213
sport=80 dport=1590 use=1 
-----------------------------------------------------------------
tom@router:~$ watch cat /proc/net/ip_conntrack 



Type Bits/KeyID    Date       User ID
pub  1024/0B22D0E1 2001/09/23 Tom Breza <Tom@PCService-NET.co.uk>
