[Linux-disciples] What does this mean?

Stephen R Laniel steve at laniels.org
Thu Jul 7 07:58:59 EDT 2005


On Wed, Jul 06, 2005 at 10:27:00PM -0500, Karl Sokol wrote:
> What is
> 
> Inbound IN=eth0 OUT= MAC=00:01:29:ff:5e:a5:00:09:5b:d5:24:d4:08:00 SRC=172.157.124.18 DST=192.168.0.9 LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=22851 PROTO=TCP SPT=6348 DPT=53026 WINDOW=17680 RES=0x00 ACK URGP=0
> 
> telling me.

It says that you received a packet of length 40 bytes from
host 172.157.124.18, port 6348, arriving on your local
address 192.168.0.9 port 53026. All the rest is TCP
minutiae.

The source address is from America Online. Were you using
gaim at the time?

I doubt this is a compromised host. It *is* excessive
logging, though: is it logging every inbound packet?

-- 
Stephen R. Laniel
steve at laniels.org
+(617) 308-5571
http://laniels.org/
PGP key: http://laniels.org/slaniel.key
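
The field-by-field reading given in the reply above, written as a small parser. This is an added example, not part of the original message: the names `parse_netfilter_log` and `summarize` are hypothetical, and the sample is the quoted log line with the mail client's wrapping undone. It also splits the `MAC=` field, which netfilter prints as destination address, source address and EtherType.

```python
import re

# Constructed sample: the log line quoted in the post, with the mail
# client's line wrapping undone.
SAMPLE = ("Inbound IN=eth0 OUT= MAC=00:01:29:ff:5e:a5:00:09:5b:d5:24:d4:08:00 "
          "SRC=172.157.124.18 DST=192.168.0.9 LEN=40 TOS=0x00 PREC=0x00 "
          "TTL=113 ID=22851 PROTO=TCP SPT=6348 DPT=53026 WINDOW=17680 "
          "RES=0x00 ACK URGP=0")

TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}


def parse_netfilter_log(line):
    """Split one netfilter LOG line into prefix, KEY=value fields and flags."""
    start = re.search(r"\bIN=", line)
    if start is None:
        raise ValueError("not a netfilter LOG line: no IN= field")
    # Everything before IN= is the rule's --log-prefix (plus any syslog header).
    rec = {"prefix": line[:start.start()].strip(), "flags": []}
    for token in line[start.start():].split():
        key, sep, value = token.partition("=")
        if sep:
            rec.setdefault(key, value)   # keep the first occurrence only
        elif token in TCP_FLAGS:
            rec["flags"].append(token)   # bare tokens such as ACK are TCP flags
    # MAC= is the raw Ethernet header: destination, source, EtherType.
    octets = rec.get("MAC", "").split(":")
    if len(octets) == 14:
        rec["mac_dst"] = ":".join(octets[:6])
        rec["mac_src"] = ":".join(octets[6:12])
        rec["ethertype"] = "0x" + "".join(octets[12:])
    return rec


def summarize(rec):
    """One-line reading of the record, in the terms the reply uses."""
    # IN only: delivered to this host; OUT only: sent by it; both: forwarded.
    seen = (bool(rec.get("IN")), bool(rec.get("OUT")))
    direction = {(True, False): "inbound", (False, True): "outbound"}.get(seen, "forwarded")
    flags = ",".join(rec["flags"]) or "none"
    return (f"{direction} on {rec.get('IN') or rec.get('OUT')}: {rec['PROTO']} "
            f"{rec['SRC']}:{rec.get('SPT', '-')} -> {rec['DST']}:{rec.get('DPT', '-')} "
            f"len={rec['LEN']} flags={flags}")


if __name__ == "__main__":
    print(summarize(parse_netfilter_log(SAMPLE)))
```

`LEN` is the IP total length, so 40 bytes is a 20-byte IP header plus a 20-byte TCP header with no payload: a bare ACK.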