
network logs: trace strange address



Hi All,

I have encountered something different in my /var/log/snort/alert
logs, and I am curious where on my system I can find further traces of
this strange activity.

First off, I noticed entries such as the following when I did a grep
in my snort alert logs:
...
02/03-21:43:16.160972 192.168.1.102:32813 -> 62.4.17.14:21
02/03-21:59:07.780078 72.14.207.104:80 -> 192.168.1.102:32834
...
02/04-13:48:12.098337 192.168.1.103:32806 -> 72.14.205.83:80
02/04-17:39:16.682634 212.190.72.70:80 -> 192.168.1.103:32941
02/04-18:22:05.951133 192.168.1.103 -> 142.167.182.55
02/04-18:22:10.594090 192.168.1.103:61005 -> 142.167.182.55:705
..

I don't know where the "192.168.1.102, 192.168.1.103" came from,
because I only have two computers hooked up to my blue Linksys DSL
router, whose IP addresses are constantly bound to 192.168.1.100 and
192.168.1.101 by DHCP. I checked the logs of both systems to check if
they bound to this 102/103 address before, and never. These two
computers cannot see each other; they just use the router to share the
net.

Realizing this is not a networking problems mailing list, I am curious
where on the Debian system I could further find traces of this IP if
it is actually valid for my networking setup.

Bart


