
Re: Tracking down IP's

On Sun, Dec 31, 2000 at 08:32:48PM -0600, Richard Cobbe wrote:
> Lo, on Sunday, December 31, JD Kitch did write:
> > > Now, find out *who's* sending this traffic.  Make sure you've got the
> > > lsof-2.2 package installed.  As root, run
> > > 
> > > lsof | grep 61662 | grep -i udp
> > 
> > I do have that package, but this command turned up no output.
> Uh oh.  And you're still getting these log messages?  That's probably not
> good.  It's possible that lsof could slip through the cracks, so to speak,
> but it's pretty unlikely.

No, that's entirely expected behavior.  61662 was the *source* port of
the traffic in the original post.  161 (SNMP) was the destination port.
The protocol was UDP, which is stateless.  So the process sending the
UDP traffic doesn't keep port 61662 open.  Nothing at all to worry

Had 61662 been listed as the destination port (and had the original
poster read the ipchains log output correctly) then there might have
been something to be concerned about.


| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html 
