[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Large, constant incoming traffic

On torsdag 13. mai 2004, 20:37, Gian Piero Carrubba wrote:
> Il gio, 2004-05-13 alle 19:53, Kjetil Kjernsmo ha scritto:
> [...]
> > 19:41:32.083993 >  udp 376
> > [ttl 1] 19:41:32.192344 > 
> > udp 376 [ttl 1]
> A switched lan, I see ;)

Hehe, it doesn't mean so much to me right now, but a Google will 

> It can be slammer [1] (if so, I guess why the ISP tech is so busy :)

Yeah, it seems consensus about that... 

> As you run snort, the eth is probably in promiscuous mode. I think
> this is the reason you see ifconfig counter increasing (though the
> packets aren't leading to your server). This and a non-switched lan,
> of course.

Hm, chkrootkit says that eth0 is not promiscuous... And as I said, I 
don't think I ever got Snort to work right... :-) 


Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
kjetil@kjernsmo.net  webmaster@skepsis.no  editor@learn-orienteering.org
Homepage: http://www.kjetil.kjernsmo.net/        OpenPGP KeyID: 6A6A0BBC

Reply to: