Guess what: I got a new alert message.
DROPPED IN=eth0 OUT= MAC=66.242.100.81 DST=66.255.255.255 LEN=*78* TOS=0X00
PREC=0X00 TTL=*64* ID=0 DF PROTO=UDP SPT=*137* DPT=*138* LEN=*58*
It says IN=eth0, but eth0 isn't even hooked up (just has the card). The MAC
address it gives me is the IP address of the NIC and 66.255.255.255
looks like a reversed subnet mask. But according to ifconfig the mask is
255.255.255.255 (how is this possible?)
Then it went to the old alert message.
> ABORTED IN=ppp0 MAC= SRC=*66.242.102.40* DST=67.219.70.165 LEN=40 TOS=0X00
> PREC=0X00 TTL=116 ID=*58972* PROTO=TCP SPT=*110* DPT=*1170* SEQ=*678091395*
> ACK=*678091395* WINDOW=0 RES0X00 RST URGP=0
> (numbers between '*' changed)
>
So what does all this mean?
--
<:-)Mike(-:>
Here is ifconfig:
bmike1@0[bmike1]$ ifconfig
eth0 Link encap:Ethernet HWaddr 00:08:C7:CA:62:4B
inet addr:66.242.100.81 Bcast:192.168.0.255 Mask:255.0.0.0
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:21 dropped:0 overruns:0 carrier:21
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:2607 (2.5 KiB)
Interrupt:9 Base address:0xd800 Memory:df100000-df100038
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:382 errors:0 dropped:0 overruns:0 frame:0
TX packets:382 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:26221 (25.6 KiB) TX bytes:26221 (25.6 KiB)
ppp0 Link encap:Point-to-Point Protocol
inet addr:67.225.220.17 P-t-P:67.225.208.7 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:475 errors:0 dropped:0 overruns:0 frame:0
TX packets:633 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:191196 (186.7 KiB) TX bytes:49170 (48.0 KiB)
bmike1@0[bmike1]$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
tnt20.lax9.da.u * 255.255.255.255 UH 0 0 0 ppp0
66.0.0.0 * 255.0.0.0 U 0 0 0 eth0
default tnt20.lax9.da.u 0.0.0.0 UG 0 0 0 ppp0
bmike1@0[bmike1]$ sudo iptables --list
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- vei.net 192.168.0.255
logaborted tcp -- anywhere anywhere state RELATED,ESTABLISHED tcp flags:RST/RST
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
nicfilt all -- anywhere anywhere
srcfilt all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
srcfilt all -- anywhere anywhere
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
s1 all -- anywhere anywhere
Chain f0to1 (4 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ns state NEW
ACCEPT udp -- anywhere anywhere udp spts:1024:65535 dpt:netbios-ns
ACCEPT udp -- anywhere anywhere udp spt:netbios-ns dpt:netbios-ns
ACCEPT udp -- anywhere anywhere udp spts:1024:65535 dpt:netbios-dgm
ACCEPT udp -- anywhere anywhere udp spt:netbios-dgm dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn state NEW
ACCEPT udp -- anywhere anywhere udp spts:1024:65535 dpt:netbios-ssn
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpt:ipp state NEW
ACCEPT udp -- anywhere anywhere udp dpt:ipp
ACCEPT tcp -- anywhere anywhere tcp dpt:microsoft-ds state NEW
ACCEPT udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:5999
ACCEPT udp -- anywhere anywhere udp spt:netbios-ns dpt:netbios-ns
ACCEPT udp -- anywhere anywhere udp spt:netbios-dgm dpt:netbios-dgm
ACCEPT udp -- anywhere anywhere udp dpts:6970:7170
ACCEPT icmp -- anywhere anywhere icmp echo-reply
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpts:1024:65535 state NEW
logdrop all -- anywhere anywhere
Chain f1to0 (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp spt:netbios-ns dpts:1024:65535
ACCEPT udp -- anywhere anywhere udp spt:netbios-ns dpt:netbios-ns
ACCEPT udp -- anywhere anywhere udp spt:netbios-dgm dpt:netbios-dgm
ACCEPT icmp -- anywhere anywhere icmp redirect
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpts:5190:5193 state NEW
ACCEPT udp -- anywhere anywhere udp spts:1024:5999 dpts:5190:5193
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:smtp state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ns state NEW
ACCEPT udp -- anywhere anywhere udp spts:1024:5999 dpt:netbios-ns
ACCEPT udp -- anywhere anywhere udp spt:netbios-ns dpt:netbios-ns
ACCEPT udp -- anywhere anywhere udp spts:1024:5999 dpt:netbios-dgm
ACCEPT udp -- anywhere anywhere udp spt:netbios-dgm dpt:netbios-dgm
ACCEPT tcp -- anywhere anywhere tcp dpt:netbios-ssn state NEW
ACCEPT udp -- anywhere anywhere udp spts:1024:5999 dpt:netbios-ssn
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:dict state NEW
ACCEPT udp -- anywhere anywhere udp dpt:3478
ACCEPT udp -- anywhere anywhere udp spts:1024:5999 dpt:time
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:time state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:1863 state NEW
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT tcp -- anywhere anywhere tcp dpt:554 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:7070 state NEW
ACCEPT udp -- anywhere anywhere udp dpt:ntp
ACCEPT udp -- anywhere anywhere udp dpts:33434:33600
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:www state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:webcache state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:8008 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:8000 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:8888 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:pop2 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:11999 state NEW
ACCEPT udp -- anywhere anywhere udp dpt:32816
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:mysql state NEW
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT tcp -- anywhere anywhere tcp dpt:3030 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:jabber-client state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:nntp state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpts:6660:6669 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:8765 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:5050 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:telnet state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpts:5000:5001 state NEW
ACCEPT udp -- anywhere anywhere udp spts:1024:5999 dpt:5000
ACCEPT udp -- anywhere anywhere udp dpt:5061
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:ftp state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:rsync state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:https state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:kerberos state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:pop3 state NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:6346 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:pop3s state NEW
ACCEPT udp -- anywhere anywhere udp dpt:5060
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:imaps state NEW
ACCEPT udp -- anywhere anywhere udp dpt:4000
ACCEPT tcp -- anywhere anywhere tcp spts:1024:65535 dpts:1024:65535 state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:postgresql state NEW
ACCEPT tcp -- anywhere anywhere tcp spts:1024:5999 dpt:whois state NEW
ACCEPT udp -- anywhere anywhere udp dpt:43
ACCEPT tcp -- anywhere anywhere tcp dpt:domain state NEW
ACCEPT udp -- anywhere anywhere udp dpt:domain
logdrop all -- anywhere anywhere
Chain logaborted (1 references)
target prot opt source destination
logaborted2 all -- anywhere anywhere limit: avg 1/sec burst 10
LOG all -- anywhere anywhere limit: avg 2/min burst 1 LOG level warning prefix `LIMITED '
Chain logaborted2 (1 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning tcp-sequence tcp-options ip-options prefix `ABORTED '
ACCEPT all -- anywhere anywhere state RELATED,ESTABLISHED
Chain logdrop (4 references)
target prot opt source destination
logdrop2 all -- anywhere anywhere limit: avg 1/sec burst 10
LOG all -- anywhere anywhere limit: avg 2/min burst 1 LOG level warning prefix `LIMITED '
DROP all -- anywhere anywhere
Chain logdrop2 (1 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning tcp-sequence tcp-options ip-options prefix `DROPPED '
DROP all -- anywhere anywhere
Chain logreject (0 references)
target prot opt source destination
logreject2 all -- anywhere anywhere limit: avg 1/sec burst 10
LOG all -- anywhere anywhere limit: avg 2/min burst 1 LOG level warning prefix `LIMITED '
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
DROP all -- anywhere anywhere
Chain logreject2 (1 references)
target prot opt source destination
LOG all -- anywhere anywhere LOG level warning tcp-sequence tcp-options ip-options prefix `REJECTED '
REJECT tcp -- anywhere anywhere reject-with tcp-reset
REJECT udp -- anywhere anywhere reject-with icmp-port-unreachable
DROP all -- anywhere anywhere
Chain nicfilt (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
RETURN all -- anywhere anywhere
logdrop all -- anywhere anywhere
Chain s0 (1 references)
target prot opt source destination
f0to1 all -- anywhere vei.net
f0to1 all -- anywhere 192.168.0.255
f0to1 all -- anywhere mepis1
f0to1 all -- anywhere 1Cust17.tnt20.lax9.da.uu.net
logdrop all -- anywhere anywhere
Chain s1 (1 references)
target prot opt source destination
f1to0 all -- anywhere anywhere
Chain srcfilt (2 references)
target prot opt source destination
s0 all -- anywhere anywhere
bmike1@0[bmike1]$
(Notice that eth0 is a new entry. I wonder why it is being read now.)
> Wait- this looks network related. Could this mean that my modem card is
> bad? The destination is my IP address and I guess the source address is the
> ISP. I just ran IFCONFIG and here is the output:
>
> bmike1@0[bmike1]$ ifconfig
> lo Link encap:Local Loopback
> inet addr:127.0.0.1 Mask:255.0.0.0
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:50 errors:0 dropped:0 overruns:0 frame:0
> TX packets:50 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:2980 (2.9 KiB) TX bytes:2980 (2.9 KiB)
>
> ppp0 Link encap:Point-to-Point Protocol
> inet addr:67.219.70.165 P-t-P:67.219.0.40 Mask:255.255.255.255
> UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
> RX packets:1846 errors:0 dropped:0 overruns:0 frame:0
> TX packets:2286 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:3 RX bytes:447083 (436.6 KiB)
> TX bytes:152819 (149.2 KiB)
> bmike1@0[bmike1]$
>
> Is there any way to fix this? Did some hackers get into my computer and
> screw things up?
>
> Please advise.
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us