This is sort of a Debian question... I have a small LAN at my home with two Debian systems and a Win98 system connected to the Internet via an IDSL Efficient Networks SpeedStream router. The strange behavior is that my Win98 system powered on all by itself while I was in the room (at 2 AM). I was puzzled by this behavior and noticed that the BIOS was set to power on from a modem signal. I disabled this signal and shut the system down.
I noticed some network activity on the router with only a single Debian system active on the network. After shutting down this system, I still noticed the network lights flashing from time to time.
The next day I rebooted the Debian system and tried a tcpdump to identify the network activity. Here is a typical printout of the offending packets:
19:30:39.258584 0:20:6f:e:bb:96 > 1:80:c2:0:0:0 802.1d ui/C
>>> Unknown IPX Data: (43 bytes)
[000] 00 00 00 00 00 80 00 00 20 6F 0E BB 96 00 00 00  ........ o......
[010] 00 80 00 00 20 6F 0E BB 96 00 00 00 00 14 00 02  .... o.. ........
[020] 00 0F 00 00 00 00 00 00 00 00 00  ........ ...
len=43
Does anybody know how to decipher this output? The typical TCP/IP packet outputs are pretty easy to figure out. (NOTE: As far as I know, none of my systems use IPX.)
Is there a way to tell if this is coming from outside my LAN or is it some strange behavior of my router? I am wondering if this could be some type of hack attack on my systems.
Thanks for your time!
Doug Thistlethwaite
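
The destination 1:80:c2:0:0:0 in the capture above is the IEEE 802.1D bridge group address, so the payload can be read as a spanning-tree BPDU. As an added example that is not part of the original post, this Python sketch decodes the 43 dumped bytes as a Configuration BPDU and compares the advertised bridge ID with the frame's source MAC; it assumes the dump starts right after the 3-byte LLC header, and the function names are illustrative.

```python
import re
import struct

# tcpdump lines copied from the post above (hex columns only).
CAPTURE = """\
19:30:39.258584 0:20:6f:e:bb:96 > 1:80:c2:0:0:0 802.1d ui/C
[000] 00 00 00 00 00 80 00 00 20 6F 0E BB 96 00 00 00
[010] 00 80 00 00 20 6F 0E BB 96 00 00 00 00 14 00 02
[020] 00 0F 00 00 00 00 00 00 00 00 00
"""
STP_GROUP_MAC = "01:80:c2:00:00:00"  # IEEE 802.1D bridge group address


def norm_mac(text):
    """Zero-pad tcpdump's short MAC notation, e.g. 0:20:6f:e:bb:96."""
    return ":".join("%02x" % int(part, 16) for part in text.split(":"))


def bridge_id(raw):
    """Split an 8-byte bridge ID into (priority, MAC)."""
    return struct.unpack("!H", raw[:2])[0], ":".join("%02x" % b for b in raw[2:])


def decode(capture):
    """Decode the dumped bytes as an 802.1D Configuration BPDU."""
    hdr = re.search(r"([0-9a-f:]+) > ([0-9a-f:]+) 802\.1d", capture)
    src, dst = norm_mac(hdr.group(1)), norm_mac(hdr.group(2))
    rows = re.findall(r"^\[[0-9A-Fa-f]+\]((?: [0-9A-Fa-f]{2})+)", capture, re.M)
    payload = bytes.fromhex("".join(rows).replace(" ", ""))
    if len(payload) < 35:
        raise ValueError("too short for a Configuration BPDU")
    (proto, version, kind, flags, root, cost, bridge, port,
     msg_age, max_age, hello, fwd) = struct.unpack("!HBBB8sI8sHHHHH", payload[:35])
    if proto != 0 or kind != 0:
        raise ValueError("not an 802.1D Configuration BPDU")
    return {
        "to_stp_group": dst == STP_GROUP_MAC,
        "payload_len": len(payload),
        "root": bridge_id(root),
        "bridge": bridge_id(bridge),
        "root_path_cost": cost,
        # Timers are carried in units of 1/256 second.
        "max_age_s": max_age / 256,
        "hello_s": hello / 256,
        "forward_delay_s": fwd / 256,
        "padding_all_zero": not any(payload[35:]),
        "sender_claims_root": root == bridge and cost == 0,
        "bridge_mac_is_source": bridge_id(bridge)[1] == src,
    }
```

A bridge ID whose MAC equals the frame's source address, together with a root path cost of 0, means the sender is a bridge on the local segment announcing itself as spanning-tree root. Frames sent to this group address are link-local and are not forwarded by 802.1D bridges.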