Strange user behavior

Bretislav Kubesa bretislav.kubesa at centrum.cz
Mon Mar 15 20:54:17 CET 2004


What do you think about this behavior? What is this person trying to do? I
found it by chance with TCPDUMP; pavelka.wc is the internal address of a
computer connected through the same provider.
Is he only scanning addresses, or is he also trying to connect to them and
looking for a hole? I assume this is not normal activity....
Thanks for your opinion.

BK

TCPDUMP SRC HOST pavelka.wc
20:16:06.549527 pavelka.wc.4485 >
modemcable136.35-131-66.mc.videotron.ca.4662: P 4001310029:4001311329(1300)
ack 592639705 win 64128 (DF)
20:16:06.589635 pavelka.wc.1092 > 62.99.91.24.hosts2-ns: P
4084617725:4084617767(42) ack 3114864133 win 64192 (DF)
20:16:06.591246 pavelka.wc.1082 > 220.119.84.56.4662: S
4084130948:4084130948(0) win 60352 <mss 1460,nop,wscale 2,nop,nop,sackOK>
(DF)
20:16:06.685672 pavelka.wc.4861 > pD9E49066.dip.t-dialin.net.4662: P
4053544851:4053545781(930) ack 110547975 win 64140 (DF)
20:16:06.698679 pavelka.wc.1098 > 200-158-7-10.dsl.telesp.net.br.4662: S
4085134761:4085134761(0) win 60352 <mss 1460,nop,wscale 2,nop,nop,sackOK>
(DF)
20:16:06.699839 pavelka.wc.4580 > cpe-069-132-066-159.carolina.rr.com.4662:
. ack 110671731 win 64240 (DF)
20:16:06.718416 pavelka.wc.4485 >
modemcable136.35-131-66.mc.videotron.ca.4662: P 2760:3770(1010) ack 1 win
64128 (DF)
20:16:06.836679 pavelka.wc.4861 > pD9E49066.dip.t-dialin.net.4662: P
930:2370(1440) ack 1 win 64140 (DF)
20:16:06.836723 pavelka.wc.4861 > pD9E49066.dip.t-dialin.net.4662: P
2370:2412(42) ack 1 win 64140 (DF)
20:16:06.837470 pavelka.wc.4389 > 211.46.166.32.4662: . ack 13755348 win
64240 (DF)
20:16:06.864342 pavelka.wc.4346 > 61.254.101.218.4661: P
3389532124:3389532444(320) ack 2418872494 win 64240 (DF)
20:16:06.865354 pavelka.wc.socks >
host147-179.pool80180.interbusiness.it.19001: P 4083678637:4083678659(22)
ack 1468086789 win 64175 (DF)
20:16:06.894063 pavelka.wc.1333 >
137.Red-81-35-134.pooles.rima-tde.net.4662: P 3499831910:3499833350(1440)
ack 16905124 win 64225 (DF)
20:16:06.894099 pavelka.wc.1100 > 218.152.166.134.4662: S
4085496070:4085496070(0) win 60352 <mss 1460,nop,wscale 2,nop,nop,sackOK>
(DF)
20:16:06.964497 pavelka.wc.4861 > pD9E49066.dip.t-dialin.net.4662: P
2412:3852(1440) ack 1 win 64140 (DF)
20:16:06.964545 pavelka.wc.4861 > pD9E49066.dip.t-dialin.net.4662: P
3852:3900(48) ack 1 win 64140 (DF)
20:16:06.966268 pavelka.wc.3959 > adsl-37.152-DynIP.ssp.fi.4662: P
3339190338:3339190423(85) ack 560692613 win 63900 (DF)
20:16:06.992210 pavelka.wc.4352 > pD9ECB6E7.dip.t-dialin.net.4662: P
3966929669:3966930139(470) ack 3659795434 win 64127 (DF)
20:16:07.011722 pavelka.wc.4861 > pD9E49066.dip.t-dialin.net.4662: P
3900:4210(310) ack 1 win 64140 (DF)
20:16:07.019853 pavelka.wc.4485 >
modemcable136.35-131-66.mc.videotron.ca.4662: P 3770:5070(1300) ack 1 win
64128 (DF)
20:16:07.020223 pavelka.wc.ansoft-lm-1 > pD9EC79BD.dip.t-dialin.net.4662: S
4084317545:4084317545(0) win 60352 <mss 1460,nop,wscale 2,nop,nop,sackOK>
(DF)
20:16:07.022374 pavelka.wc.4389 > 211.46.166.32.4662: . ack 1091 win 63967
(DF)
20:16:07.099376 pavelka.wc.1092 > 62.99.91.24.hosts2-ns: P 42:199(157) ack
96 win 64168 (DF)
20:16:07.118993 pavelka.wc.4861 > pD9E49066.dip.t-dialin.net.4662: P
4210:4670(460) ack 1 win 64140 (DF)
20:16:07.120338 pavelka.wc.4834 > offshore.svnets.lv.4662: . ack 3901892128
win 64057 (DF)
20:16:07.123269 pavelka.wc.4580 > cpe-069-132-066-159.carolina.rr.com.4662:
. ack 1461 win 64240 (DF)
20:16:07.137144 pavelka.wc.socks >
host147-179.pool80180.interbusiness.it.19001: P 22:44(22) ack 41 win 64165
(DF)
20:16:07.211332 pavelka.wc.4963 > 145.Red-81-37-63.pooles.rima-tde.net.4662:
P 4068367769:4068369213(1444) ack 4106327097 win 64192 (DF)
20:16:07.237390 pavelka.wc.4526 > syr-24-59-130-202.twcny.rr.com.4665: P
4016305708:4016306746(1038) ack 5978829 win 65331 (DF)
20:16:07.237426 pavelka.wc.4346 > 61.254.101.218.4661: . ack 1461 win 64240
<nop,nop,sack sack 1 {2921:5841} > (DF)
20:16:07.257738 pavelka.wc.4485 >
modemcable136.35-131-66.mc.videotron.ca.4662: P 1300:2470(1170) ack 1 win
64128 (DF)
20:16:07.289243 pavelka.wc.1333 >
137.Red-81-35-134.pooles.rima-tde.net.4662: P 1440:2880(1440) ack 1 win
64225 (DF)
20:16:07.292617 pavelka.wc.1101 > c107-119.icpnet.pl.4662: S
4085659158:4085659158(0) win 60352 <mss 1460,nop,wscale 2,nop,nop,sackOK>
(DF)
20:16:07.301055 pavelka.wc.4389 > 211.46.166.32.4662: . ack 2551 win 64240
(DF)
20:16:07.302423 pavelka.wc.1102 > 218.152.145.182.4662: S
4085718971:4085718971(0) win 60352 <mss 1460,nop,wscale 2,nop,nop,sackOK>
(DF)
20:16:07.314514 pavelka.wc.sj3 > host87-29.pool80182.interbusiness.it.4626:
. ack 607988863 win 64240 (DF)
20:16:07.377474 pavelka.wc.3458 >
228.Red-81-37-104.pooles.rima-tde.net.6881: P 3817638609:3817639969(1360)
ack 2853182455 win 64187 (DF)
20:16:07.405560 pavelka.wc.3458 >
228.Red-81-37-104.pooles.rima-tde.net.6881: P 1360:2720(1360) ack 1 win
64187 (DF)
20:16:07.457259 pavelka.wc.4485 >
modemcable136.35-131-66.mc.videotron.ca.4662: P 5070:6530(1460) ack 1 win
64128 (DF)
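
One way to triage a capture like the one above, as an added example that is not part of the original post: rejoin the wrapped tcpdump lines, then count bare SYNs against established-session packets per destination port. The port labels are well-known client defaults (an assumption, since a user can change them), and `records`, `summarize` and `verdict` are hypothetical helper names.

```python
import re

TS = re.compile(r"^\d\d:\d\d:\d\d\.\d+ ")
# time src.port > dst.port: flags [first:last(len)]
PKT = re.compile(r"^\S+ (\S+)\.([\w-]+) > (\S+)\.([\w-]+): ([SFPR.]+)"
                 r"(?: \d+:\d+\((\d+)\))?")
# Assumption: default ports of file-sharing clients; users can change them.
HINTS = {"4661": "eDonkey server", "4662": "eDonkey/eMule client",
         "6881": "BitTorrent"}
# Four packets copied from the capture in the post, e-mail wrapping kept.
CAPTURE = """\
20:16:06.591246 pavelka.wc.1082 > 220.119.84.56.4662: S
4084130948:4084130948(0) win 60352 <mss 1460,nop,wscale 2,nop,nop,sackOK>
(DF)
20:16:06.685672 pavelka.wc.4861 > pD9E49066.dip.t-dialin.net.4662: P
4053544851:4053545781(930) ack 110547975 win 64140 (DF)
20:16:06.699839 pavelka.wc.4580 > cpe-069-132-066-159.carolina.rr.com.4662:
. ack 110671731 win 64240 (DF)
20:16:07.377474 pavelka.wc.3458 >
228.Red-81-37-104.pooles.rima-tde.net.6881: P 3817638609:3817639969(1360)
ack 2853182455 win 64187 (DF)
"""

def records(text):
    """Rejoin wrapped lines: a new record starts at each timestamp."""
    out = []
    for line in text.splitlines():
        if TS.match(line):
            out.append(line.strip())
        elif out and line.strip():
            out[-1] += " " + line.strip()
    return out

def summarize(text):
    """Per destination port: peers, bare SYNs, other packets, payload bytes."""
    ports = {}
    for m in filter(None, map(PKT.match, records(text))):
        _src, _sport, dhost, dport, flags, length = m.groups()
        p = ports.setdefault(dport, {"app": HINTS.get(dport, "unknown"),
                                     "peers": set(), "syn": 0, "est": 0, "bytes": 0})
        p["peers"].add(dhost)
        p["syn" if "S" in flags else "est"] += 1
        p["bytes"] += int(length or 0)
    return ports

def verdict(ports):
    """Rough heuristic: a sweep is nearly all bare SYNs, sessions are not."""
    syn, est = (sum(p[k] for p in ports.values()) for k in ("syn", "est"))
    return "mostly SYN probes" if syn > est else "mostly established sessions"
```

Feeding the full capture text to `summarize` gives the same per-port breakdown for every packet in the post; lines that do not match the pattern are skipped.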



