[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-users] Strange RaQ behavior??
- Subject: [cobalt-users] Strange RaQ behavior??
- From: "Wayne Sagar" <shortfork@xxxxxxxxxxx>
- Date: Wed Dec 12 20:16:34 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
I love it when we get all paranoid! But...
Ok.. here's my question.. about two days ago, a box on which I'm no longer
hosted, but apparantly still connected to the net, began getting connect
attempts from the box I'm currently using.
When I abandoned the old machine, I left the firewall on and logcheck in
place, apparantly what is happening is I'm getting emailed from the old box.
It took me a while to figure out where the extra logcheck report was coming
from, assuming it was just from my current machine.
Once I finally looked in at the messages carefully, I noticed that the
culprit trying to make the connections was MY NEW BOX!!!???
They always seem to be at one minute after the hour and there are about 2 to
4 attempts and all seem to be trying to reach the old machine on port 113
(example below, ip addresses changed to protect the *innocent*)
Dec 12 11:01:00 www kernel: Packet log: input DENY eth0 PROTO=6
my.new.ip.addy:3013 my.old.ip.addy:113 L=60 S=0x00 I=50348 F=0x4000 T=54 SYN
(#7)
Connects from my new box are via various higher ports, which incidently are
not listed in /etc/services
Could I be rooted at the new box???? No other signs, other than the damn
gmon.out files that have been created here and there on the new box for
about a month.. which I never got a response on here that did me any good..
HELP! I'm about to join the other fellow at the used car lot here!!!
WSagar
_________________________________________________________________
Join the world?s largest e-mail service with MSN Hotmail.
http://www.hotmail.com