Re: Anyone Else Getting Hits Like This ?


Subject: Re: Anyone Else Getting Hits Like This ?
From: Fielder George Dowding (fgdowding@iceworm-enterprises.net)
Date: Mon Mar 04 2002 - 09:41:16 AKST


Many thanks Bob! I had some idea it might be a broadcast packet
response, but I couldn't remember (if I ever knew in the first
place) the codes besides "eth1". My son, George, came over Saturday,
and in the course of the visit we discussed this phenomenon and
conducted an experiment.

With an xterm running "tail -f /var/log/messages" we observed the
output with the dsl up and down. There was no change. George pointed
out it was probably the ACS router or switch forwarding the
broadcast that someone else was sending when connecting. So while he
observed the output, I repaired to the communications closet and
removed the power from the dsl modem. The output ceased.

My conclusion is ACS has "improved" their service by "upgrading"
something.

Thanks again for your reply Bob. Regards. fgd

On Thu, 28 Feb 2002 15:05:58 -0900
Robert Swift <bswift@customcpu.com> wrote:

> George,
> Appears to be a broadcast packet from your machine - eth1 and
> can be confirmed by ID'ing the MAC address of your eth1 NIC.
> The SouRCe=0.0.0.0 is your network broadcast. The
> DeSTination=255.255.255.255 is everyone on your network. The
> LENgth=328 bytes and the PROTOcol=udp..... It's been awhile
> since I sniffed packets but I'm guessing you have a service
> running on your machine that periodically broadcasts on your
> network...... ie; Samba perhaps...... but you said the DSL is
> off so it definitely comes from your machine....... I may be
> off here but I think the SPT and DPT are the source and
> destination ports so what service do you have running that
> uses those ports?
> Bob
>
>
> ----- Original Message -----
> From: "Fielder George Dowding" <fgdowding@iceworm-enterprises.net>
> To: <aklug@aklug.org>
> Sent: Wednesday, February 27, 2002 9:47 PM
> Subject: Re: Anyone Else Getting Hits Like This ?
>
>
> >
> > Can anyone tell me what this is from or doing? It happens
> > whether or not I have dsl up. The "\" indicate a line break that
> > was not in the syslog file.
> >
> > fgd
> >
> > Feb 27 21:43:26 seth kernel: IN=eth1 \
> > OUT= MAC=ff:ff:ff:ff:ff:ff:00:60:38:60:41:b8:08:00 \
> > SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 \
> > PREC=0x00 TTL=128 ID=40188 PROTO=UDP SPT=68 DPT=67 LEN=308
> >
> > On Wed, 27 Feb 2002 15:50:30 +0800
> > "Jason C. Neumann" <lister@geekvenue.net> wrote:
SNIP!
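
An added example, not part of the thread or written by either poster: a small Python triage of the quoted netfilter LOG line. It splits the `MAC=` field into destination MAC, source MAC and EtherType (the order the kernel logs them for Ethernet), so the sender's MAC can be compared with the local NIC as suggested above, and it flags UDP 68 -> 67, the BOOTP/DHCP client-to-server port pair. The function names and the `local_macs` parameter are assumptions made for this illustration.

```python
import re

# Constructed sample: the syslog line quoted in the thread, "\" breaks rejoined.
SAMPLE = ("Feb 27 21:43:26 seth kernel: IN=eth1 OUT= "
          "MAC=ff:ff:ff:ff:ff:ff:00:60:38:60:41:b8:08:00 "
          "SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 "
          "PREC=0x00 TTL=128 ID=40188 PROTO=UDP SPT=68 DPT=67 LEN=308")


def parse_log(line):
    """Return the KEY=VALUE fields of a netfilter LOG line as a dict."""
    fields = {}
    for key, value in re.findall(r"(\w+)=(\S*)", line):
        # LEN appears twice (IP length, then UDP length); keep the first.
        fields.setdefault(key, value)
    return fields


def split_mac(mac_field):
    """Split the 14-octet MAC= field: 6 dst, 6 src, 2 EtherType."""
    octets = mac_field.lower().split(":")
    if len(octets) != 14:
        raise ValueError("expected 14 octets (Ethernet header)")
    return {"dst": ":".join(octets[:6]),
            "src": ":".join(octets[6:12]),
            "ethertype": "0x" + "".join(octets[12:])}


def triage(line, local_macs=()):
    """Summarise who sent the frame and whether it is a DHCP client broadcast.

    local_macs: MAC addresses of this host's own NICs (hypothetical input,
    e.g. copied from the interface configuration).
    """
    f = parse_log(line)
    mac = split_mac(f["MAC"])
    own = {m.lower() for m in local_macs}
    return {
        "iface": f["IN"],
        "sender_mac": mac["src"],
        "sender_is_local": mac["src"] in own,
        "l2_broadcast": mac["dst"] == "ff:ff:ff:ff:ff:ff",
        "dhcp_client_broadcast": (f.get("PROTO"), f.get("SPT"), f.get("DPT"))
                                 == ("UDP", "68", "67"),
    }


if __name__ == "__main__":
    print(triage(SAMPLE))
```

If `sender_is_local` is false for every NIC in the host, the frame arrived from another device on the segment attached to `iface`.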



This archive was generated by hypermail 2a23 : Mon Mar 04 2002 - 15:23:51 AKST