Hacker de la red, ¿quien esta enviando/reciviendo paquetes en mi PC?

To: debian-user-spanish@lists.debian.org
Subject: Hacker de la red, ¿quien esta enviando/reciviendo paquetes en mi PC?
From: Borxa Varela <borxa@wanadoo.es>
Date: Fri, 31 Jan 2003 19:35:34 +0100
Message-id: <[🔎] 3E3AC1F6.6000503@wanadoo.es>

La historia:

Me doy de alta en la tarifa plana de wanadoo por RTB, me conecto sinproblemas. Para despreocuparme de encender/apagar el modem, configuro elpppd con las opciones (entre otras)

demand
active-filter "dst port domain"
idle 300

Bueno, pues se conecta cuando alguien pide resolver un ip, pero no sedesconecta si pasan 300 segundos sin que nadie pida resolver ips,entonces abro una consola y pongo tcpdump -i ppp0, y comprueboimpresionado que no paran de pasar "paquetitos" de un lado para otro,principalmente en el puerto 4662 que no se para que es, y mi pregunta es¿quien o que coño esta enviando esa cantidad de paquetes? y paso ¿porqueno funciona la opción para el pppd?

Para muestra un boton: (si tocar nada ni, chat, ni webs cargadas ni nadapor el estilo), recien conectado (e recivido el correo y estoyescribiendo este mensaje)


xuvenka:/home/borxa# tcpdump -i ppp0
tcpdump: listening on ppp0

19:32:02.967746 80.32.26.66.1701 > 80.103.152.191.4662: S2218963593:2218963593(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)19:32:02.967857 80.103.152.253.1701 > 80.103.152.191.4662: S2218963593:2218963593(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)19:32:21.877739 217.128.24.251.4016 > 80.103.152.174.4662: S1823402510:1823402510(0) win 16384 <mss 1452,nop,nop,sackOK> (DF)19:32:21.877824 80.103.152.253.4016 > 80.103.152.174.4662: S1823402510:1823402510(0) win 16384 <mss 1452,nop,nop,sackOK> (DF)19:32:35.257749 80.25.196.158.58979 > 80.103.152.253.www: F89294993:89294993(0) ack 1108620176 win 8760 (DF)19:32:35.258449 80.103.152.253.www > 80.25.196.158.58979: P 1:307(306)ack 1 win 4452 (DF)19:32:35.258636 80.103.152.253.www > 80.25.196.158.58979: F 307:307(0)ack 1 win 4452 (DF)19:32:35.267744 80.25.196.158.59020 > 80.103.152.253.www: S89339694:89339694(0) win 8192 <mss 1460,nop,nop,sackOK> (DF)19:32:35.267833 80.103.152.253.www > 80.25.196.158.59020: S1158816027:1158816027(0) ack 89339695 win 4452 <mss 1484,nop,nop,sackOK>(DF)19:32:35.777749 80.25.196.158.58979 > 80.103.152.253.www: R89294994:89294994(0) win 0 (DF)19:32:35.787741 80.25.196.158.58979 > 80.103.152.253.www: R89294994:89294994(0) win 019:32:35.807755 80.25.196.158.59020 > 80.103.152.253.www: . ack 1 win8760 (DF)19:32:35.827754 80.25.196.158.59020 > 80.103.152.253.www: P 1:67(66) ack1 win 8760 (DF)19:32:35.827941 80.103.152.253.www > 80.25.196.158.59020: . ack 67 win4452 (DF)19:32:42.087748 213.99.70.84.1650 > 80.103.152.154.1224: S1437057425:1437057425(0) win 8760 <mss 536,nop,nop,sackOK> (DF)19:32:42.087847 80.103.152.253.1650 > 80.103.152.154.1224: S1437057425:1437057425(0) win 8760 <mss 536,nop,nop,sackOK> (DF)19:32:51.017749 213.99.70.84.1650 > 80.103.152.154.1224: S1437057425:1437057425(0) win 8760 <mss 536,nop,nop,sackOK> (DF)19:32:51.017810 80.103.152.253.1650 > 80.103.152.154.1224: S1437057425:1437057425(0) win 8760 <mss 536,nop,nop,sackOK> (DF)19:33:20.047738 80.25.196.158.59020 > 80.103.152.253.www: F 67:67(0) ack1 win 8760 (DF)19:33:20.048371 80.103.152.253.www > 80.25.196.158.59020: P 1:307(306)ack 68 win 4452 (DF)19:33:20.048557 80.103.152.253.www > 80.25.196.158.59020: F 307:307(0)ack 68 win 4452 (DF)19:33:20.457748 80.25.196.158.59020 > 80.103.152.253.www: R89339762:89339762(0) win 0 (DF)19:33:20.467740 80.25.196.158.59020 > 80.103.152.253.www: R89339762:89339762(0) win 019:33:23.287747 212.195.124.6.1617 > 80.103.152.154.1224: S517915135:517915135(0) win 65535 <mss 1420,nop,nop,sackOK> (DF)19:33:23.287849 80.103.152.253.1617 > 80.103.152.154.1224: S517915135:517915135(0) win 65535 <mss 1420,nop,nop,sackOK> (DF)19:33:24.767747 81.202.80.251.2686 > 80.103.152.253.www: S3109526358:3109526358(0) win 64240 <mss 1460,nop,nop,sackOK> (DF)19:33:24.767915 80.103.152.253.www > 81.202.80.251.2686: S1219814282:1219814282(0) ack 3109526359 win 4452 <mss1484,nop,nop,sackOK> (DF)19:33:25.017742 81.202.80.251.2686 > 80.103.152.253.www: . ack 1 win64240 (DF)19:33:25.037748 81.202.80.251.2686 > 80.103.152.253.www: P 1:66(65) ack1 win 64240 (DF)19:33:25.037827 80.103.152.253.www > 81.202.80.251.2686: . ack 66 win4452 (DF)


30 packets received by filter
0 packets dropped by kernel
xuvenka:/home/borxa#

Reply to:

Follow-Ups:
- Re: Hacker de la red, ¿quien esta enviando/reciviendo paquetes en mi PC?
  - From: Cesar Rincon <crincon@et.com.mx>
- Re: Hacker de la red, ¿quien esta enviando/reciviendo paquetes en mi PC?
  - From: Unikoke <unikoke@escomposlinux.org>
- Re: Hacker de la red,
  - From: tul <tul@tulinet.com>
- Re: Hacker de la red, ¿quien esta enviando/reciviendo paquetes en mi PC?
  - From: Juan Arnal Arlandis <juarnal@telefonica.net>

Prev by Date: dns en red interna
Next by Date: Cambiar resolucion con KDE3.1
Previous by thread: Re: dns en red interna
Next by thread: Re: Hacker de la red, ¿quien esta enviando/reciviendo paquetes en mi PC?
Index(es):
- Date
- Thread