Complete.Org: Mailing Lists: Archives: linux-help: August 2001:
[linux-help] Re: strange network traffic 		Home

[linux-help] Re: strange network traffic

[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index] [Thread Index]
To: linux-help@xxxxxxxxx
Subject: [linux-help] Re: strange network traffic
From: Bruce Bales <bbales@xxxxxxxxxxx>
Date: Tue, 07 Aug 2001 10:23:13 -0500
Reply-to: linux-help@xxxxxxxxx 
Yep.  My Frazierwall is denying about 25 hits per hour overnight, most of them 
to port 80.
bruce


"gLaNDix (Jesse Kaufman)" wrote:

> well, after freaking out and trying everything i could think of, i went to
> the RR webpage to see if anything strange was going on...  from the
> information on the page, seems like the strange constant flow of traffic
> (going on 48 solid hrs!) is due to Code Red...  damn NT/2k boxes! : ^ )
>
> <<< lloydix.2y.net FreeBSD 4.3-RELEASE #0: Thu Jul 5 06:16:31 CDT 2001 
> glandix@xxxxxxxxxxxxxx:/usr/obj/usr/src/sys/LLOYDIX >>>
>
> On Mon, 6 Aug 2001, gLaNDix (Jesse Kaufman) wrote:
>
> >
> > tonite, i've been seeing a constant flow of network traffic going thru
> > both my cablemodem and switch...  not exactly sure how to check out what
> > is going on, but i tried running tcpdump and here's a small sample of
> > what's showing:
> >
> > ...
> > 04:02:59.385454 wks-166-132-164.kscable.com.2119 > ns2.kscable.com.domain:
> > 51495+ PTR? 128.222.94.24.in-addr.arpa. (44)
> > 04:02:59.464077 ns2.kscable.com.domain > wks-166-132-164.kscable.com.2119:
> > 51495* 1/2/2 (174)
> > 04:02:59.465871 wks-166-132-164.kscable.com.2120 > ns2.kscable.com.domain:
> > 51496+ PTR? 76.134.166.24.in-addr.arpa. (44)
> > 04:02:59.494552 ns2.kscable.com.domain > wks-166-132-164.kscable.com.2120:
> > 51496* 1/0/0 (84)
> > 04:02:59.496524 wks-166-132-164.kscable.com.2121 > ns2.kscable.com.domain:
> > 51497+ PTR? 147.222.94.24.in-addr.arpa. (44)
> > 04:02:59.583626 ns2.kscable.com.domain > wks-166-132-164.kscable.com.2121:
> > 51497* 1/2/2 (174)
> > 04:02:59.585460 wks-166-132-164.kscable.com.2122 > ns2.kscable.com.domain:
> > 51498+ PTR? 187.222.94.24.in-addr.arpa. (44)
> > 04:02:59.599965 ns2.kscable.com.domain > wks-166-132-164.kscable.com.2122:
> > 51498* 1/2/2 (174)
> > 04:02:59.615680 arp who-has wks-166-135-147.kscable.com tell
> > wks-166-132-1.kscable.com
> > 04:02:59.676452 arp who-has wks-94-222-9.kscable.com tell
> > wks-94-222-1.kscable.com
> > 04:02:59.714806 arp who-has wks-94-198-117.kscable.com tell
> > wks-94-198-1.kscable.com
> > 04:02:59.736141 arp who-has wks-94-222-98.kscable.com tell
> > wks-94-222-1.kscable.com
> > ...
> >
> > any ideas?
> >
> > gLaNDix
> >
> > <<< lloydix.2y.net FreeBSD 4.3-RELEASE #0: Thu Jul 5 06:16:31 CDT 2001 
> > glandix@xxxxxxxxxxxxxx:/usr/obj/usr/src/sys/LLOYDIX >>>
> >
> >
> > -- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
> > visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi
> >
>
> -- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
> visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi

-- This is the linux-help@xxxxxxxxx list.  To unsubscribe,
visit http://tmp2.complete.org/cgi-bin/listargate-aclug.cgi
[Prev in Thread] Current Thread [Next in Thread]