[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Large, constant incoming traffic

On torsdag 13. mai 2004, 20:37, Gian Piero Carrubba wrote:
> Il gio, 2004-05-13 alle 19:53, Kjetil Kjernsmo ha scritto:
>
> [...]
>
> > 19:41:32.083993 217.77.34.162.2090 > 226.58.55.41.1434:  udp 376
> > [ttl 1] 19:41:32.192344 217.77.34.162.2090 > 234.247.236.46.1434: 
> > udp 376 [ttl 1]
>
> A switched lan, I see ;)

Hehe, it doesn't mean so much to me right now, but a Google will 
educate... 

> It can be slammer [1] (if so, I guess why the ISP tech is so busy :)

Yeah, it seems consensus about that... 

> As you run snort, the eth is probably in promiscuous mode. I think
> this is the reason you see ifconfig counter increasing (though the
> packets aren't leading to your server). This and a non-switched lan,
> of course.

Hm, chkrootkit says that eth0 is not promiscuous... And as I said, I 
don't think I ever got Snort to work right... :-) 

Cheers,

Kjetil
-- 
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
kjetil@kjernsmo.net  webmaster@skepsis.no  editor@learn-orienteering.org
Homepage: http://www.kjetil.kjernsmo.net/        OpenPGP KeyID: 6A6A0BBC
Reply to: