Re: Tracking down IP's
On Sun, Dec 31, 2000 at 08:32:48PM -0600, Richard Cobbe wrote:
> Uh oh. And you're still getting these log messages? That's probably not
> good. It's possible that lsof could slip through the cracks, so to speak,
> but it's pretty unlikely.
>
> > Just yesterday I got another machine connected to this one via a
> > second nic, and I have a windows machine attched that I'm
> > masquerading for, but that is not the IP i configured that machine
> > to be. I'm certainly not knowingly running anything for SNMP, hell,
> > I don't even know what it is. :P Any ideas, what I might be running
> > that would cause this?
>
> I've not worked with masquerading much; I use ipchains primarily for
> firewalling. It's possible (though, I think, fairly unlikely) that this
> record is due to packets you're relaying for the Windows box. That's easy
> to test:
>
> ipchains -I input 1 -s <windows-box's-IP> -p udp -d 0.0.0.0/0 161 -l -j DENY
Thanks to everyone for all the assistance. I actually took the lazy
way out on this one. Once Richard explained SNMP, it made total
sense that it was coming from the attached windows machine, since it
was my "corperate" laptop which is typically connected at work to
the office LAN. So, I just disconnected the laptop, and sure enough
all the messages stopped.
Thanks again!!
jdk
Reply to: