Help...am I being hacked?
Dino Vliet
dino_vliet at yahoo.com
Thu Nov 25 01:35:17 PST 2004
Hi all,
I'm using freebsd 4.10 on my laptop and I was browsing
my filesystem and looking at some log files, when I
stumbled into the file dmesg.yesterday in /var/log/
The contents of this file worried me. Take a look at
the last lines of it:
Connection attempt to TCP 192.168.1.101:5554 from
220.147.188.223:4970 flags:0x02
Connection attempt to TCP 192.168.1.101:9898 from
220.147.188.223:1288 flags:0x02
Connection attempt to TCP 192.168.1.101:21 from
168.126.102.33:57216 flags:0x02
Connection attempt to UDP 192.168.1.101:1026 from
222.88.173.5:31889
Connection attempt to TCP 192.168.1.101:9898 from
67.1.4.194:3161 flags:0x02
But my IP on this machine starts with 130.
But I recognize these IP's (192.168.1.101), because at
home I'm using a e-tech router and it assigns me
through DHCP 192.168.1.* as ip address every time I
connect my laptop with this. At the campus, I'm also
using dhcp to connect to the network. However, lately
I haven't used my router at home and was only
connecting through the network at the campus. There I
get the ip address 130.37.28.112.
I have removed the old dhcp.leases in /var/db that had
the information of my e-tech router.
I am using ipfw too now, but still it would be
convenient to know where to look for hack attempts and
look for log files which give information about
connection attempts from outside.
Thanks in advance
Dino Vliet
__________________________________
Do you Yahoo!?
The all-new My Yahoo! - What will yours do?
http://my.yahoo.com
More information about the freebsd-questions
mailing list