Strange user behavior

Jan Pechanec jp at devnull.cz
Tue Mar 16 23:56:54 CET 2004


On Mon, 15 Mar 2004, Bretislav Kubesa wrote:

>What do you think of this behavior? What is this person trying to do? I found it
>by chance while running TCPDUMP; pavelka.wc is the internal address of a computer
>connected through the same provider.
>Is it only scanning addresses, or is it also trying to connect to them and looking
>for a hole? I assume this is not normal activity....

	it would be enough to look at the ports a bit...

http://www.seifried.org/security/ports/4000/4662.html

	h.

>Thanks for your opinion.
>
>BK
>
>TCPDUMP SRC HOST pavelka.wc
>20:16:06.549527 pavelka.wc.4485 >
>modemcable136.35-131-66.mc.videotron.ca.4662: P 4001310029:4001311329(1300)
>ack 592639705 win 64128 (DF)
>20:16:06.589635 pavelka.wc.1092 > 62.99.91.24.hosts2-ns: P
>4084617725:4084617767(42) ack 3114864133 win 64192 (DF)
>20:16:06.591246 pavelka.wc.1082 > 220.119.84.56.4662: S
>4084130948:4084130948(0) win 60352 <mss 1460,nop,wscale 2,nop,nop,sackOK>
>(DF)
>20:16:06.685672 pavelka.wc.4861 > pD9E49066.dip.t-dialin.net.4662: P
>4053544851:4053545781(930) ack 110547975 win 64140 (DF)
>20:16:06.698679 pavelka.wc.1098 > 200-158-7-10.dsl.telesp.net.br.4662: S
>4085134761:4085134761(0) win 60352 <mss 1460,nop,wscale 2,nop,nop,sackOK>
>(DF)
>20:16:06.699839 pavelka.wc.4580 > cpe-069-132-066-159.carolina.rr.com.4662:
>. ack 110671731 win 64240 (DF)
>20:16:06.718416 pavelka.wc.4485 >
>modemcable136.35-131-66.mc.videotron.ca.4662: P 2760:3770(1010) ack 1 win
>64128 (DF)
>20:16:06.836679 pavelka.wc.4861 > pD9E49066.dip.t-dialin.net.4662: P
>930:2370(1440) ack 1 win 64140 (DF)
>20:16:06.836723 pavelka.wc.4861 > pD9E49066.dip.t-dialin.net.4662: P
>2370:2412(42) ack 1 win 64140 (DF)
>20:16:06.837470 pavelka.wc.4389 > 211.46.166.32.4662: . ack 13755348 win
>64240 (DF)
>20:16:06.864342 pavelka.wc.4346 > 61.254.101.218.4661: P
>3389532124:3389532444(320) ack 2418872494 win 64240 (DF)
>20:16:06.865354 pavelka.wc.socks >
>host147-179.pool80180.interbusiness.it.19001: P 4083678637:4083678659(22)
>ack 1468086789 win 64175 (DF)
>20:16:06.894063 pavelka.wc.1333 >
>137.Red-81-35-134.pooles.rima-tde.net.4662: P 3499831910:3499833350(1440)
>ack 16905124 win 64225 (DF)
>20:16:06.894099 pavelka.wc.1100 > 218.152.166.134.4662: S
>4085496070:4085496070(0) win 60352 <mss 1460,nop,wscale 2,nop,nop,sackOK>
>(DF)
>20:16:06.964497 pavelka.wc.4861 > pD9E49066.dip.t-dialin.net.4662: P
>2412:3852(1440) ack 1 win 64140 (DF)
>20:16:06.964545 pavelka.wc.4861 > pD9E49066.dip.t-dialin.net.4662: P
>3852:3900(48) ack 1 win 64140 (DF)
>20:16:06.966268 pavelka.wc.3959 > adsl-37.152-DynIP.ssp.fi.4662: P
>3339190338:3339190423(85) ack 560692613 win 63900 (DF)
>20:16:06.992210 pavelka.wc.4352 > pD9ECB6E7.dip.t-dialin.net.4662: P
>3966929669:3966930139(470) ack 3659795434 win 64127 (DF)
>20:16:07.011722 pavelka.wc.4861 > pD9E49066.dip.t-dialin.net.4662: P
>3900:4210(310) ack 1 win 64140 (DF)
>20:16:07.019853 pavelka.wc.4485 >
>modemcable136.35-131-66.mc.videotron.ca.4662: P 3770:5070(1300) ack 1 win
>64128 (DF)
>20:16:07.020223 pavelka.wc.ansoft-lm-1 > pD9EC79BD.dip.t-dialin.net.4662: S
>4084317545:4084317545(0) win 60352 <mss 1460,nop,wscale 2,nop,nop,sackOK>
>(DF)
>20:16:07.022374 pavelka.wc.4389 > 211.46.166.32.4662: . ack 1091 win 63967
>(DF)
>20:16:07.099376 pavelka.wc.1092 > 62.99.91.24.hosts2-ns: P 42:199(157) ack
>96 win 64168 (DF)
>20:16:07.118993 pavelka.wc.4861 > pD9E49066.dip.t-dialin.net.4662: P
>4210:4670(460) ack 1 win 64140 (DF)
>20:16:07.120338 pavelka.wc.4834 > offshore.svnets.lv.4662: . ack 3901892128
>win 64057 (DF)
>20:16:07.123269 pavelka.wc.4580 > cpe-069-132-066-159.carolina.rr.com.4662:
>. ack 1461 win 64240 (DF)
>20:16:07.137144 pavelka.wc.socks >
>host147-179.pool80180.interbusiness.it.19001: P 22:44(22) ack 41 win 64165
>(DF)
>20:16:07.211332 pavelka.wc.4963 > 145.Red-81-37-63.pooles.rima-tde.net.4662:
>P 4068367769:4068369213(1444) ack 4106327097 win 64192 (DF)
>20:16:07.237390 pavelka.wc.4526 > syr-24-59-130-202.twcny.rr.com.4665: P
>4016305708:4016306746(1038) ack 5978829 win 65331 (DF)
>20:16:07.237426 pavelka.wc.4346 > 61.254.101.218.4661: . ack 1461 win 64240
><nop,nop,sack sack 1 {2921:5841} > (DF)
>20:16:07.257738 pavelka.wc.4485 >
>modemcable136.35-131-66.mc.videotron.ca.4662: P 1300:2470(1170) ack 1 win
>64128 (DF)
>20:16:07.289243 pavelka.wc.1333 >
>137.Red-81-35-134.pooles.rima-tde.net.4662: P 1440:2880(1440) ack 1 win
>64225 (DF)
>20:16:07.292617 pavelka.wc.1101 > c107-119.icpnet.pl.4662: S
>4085659158:4085659158(0) win 60352 <mss 1460,nop,wscale 2,nop,nop,sackOK>
>(DF)
>20:16:07.301055 pavelka.wc.4389 > 211.46.166.32.4662: . ack 2551 win 64240
>(DF)
>20:16:07.302423 pavelka.wc.1102 > 218.152.145.182.4662: S
>4085718971:4085718971(0) win 60352 <mss 1460,nop,wscale 2,nop,nop,sackOK>
>(DF)
>20:16:07.314514 pavelka.wc.sj3 > host87-29.pool80182.interbusiness.it.4626:
>. ack 607988863 win 64240 (DF)
>20:16:07.377474 pavelka.wc.3458 >
>228.Red-81-37-104.pooles.rima-tde.net.6881: P 3817638609:3817639969(1360)
>ack 2853182455 win 64187 (DF)
>20:16:07.405560 pavelka.wc.3458 >
>228.Red-81-37-104.pooles.rima-tde.net.6881: P 1360:2720(1360) ack 1 win
>64187 (DF)
>20:16:07.457259 pavelka.wc.4485 >
>modemcable136.35-131-66.mc.videotron.ca.4662: P 5070:6530(1460) ack 1 win
>64128 (DF)
>
>

-- 
Jan Pechanec <jp (at) devnull (dot) cz>
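
Added example, not part of the original message: one way to "look at the ports" in a capture like the one quoted above is to tally destination ports, distinct peers and TCP flags, which separates a SYN-only sweep across many ports from established data flows to a few ports. The sample lines are taken from the quoted capture with wrapped lines re-joined; the function names and the `min_ports` threshold are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Old-style tcpdump header line: "time src.port > dst.port: flags ..."
LINE = re.compile(r"^(\S+) (\S+)\.([\w-]+) > (\S+)\.([\w-]+): (\S+)")

# Lines from the capture quoted above, wrapped lines re-joined.
SAMPLE = """\
20:16:06.549527 pavelka.wc.4485 > modemcable136.35-131-66.mc.videotron.ca.4662: P 4001310029:4001311329(1300) ack 592639705 win 64128 (DF)
20:16:06.591246 pavelka.wc.1082 > 220.119.84.56.4662: S 4084130948:4084130948(0) win 60352 <mss 1460,nop,wscale 2,nop,nop,sackOK> (DF)
20:16:06.685672 pavelka.wc.4861 > pD9E49066.dip.t-dialin.net.4662: P 4053544851:4053545781(930) ack 110547975 win 64140 (DF)
20:16:06.699839 pavelka.wc.4580 > cpe-069-132-066-159.carolina.rr.com.4662: . ack 110671731 win 64240 (DF)
20:16:06.864342 pavelka.wc.4346 > 61.254.101.218.4661: P 3389532124:3389532444(320) ack 2418872494 win 64240 (DF)
20:16:07.292617 pavelka.wc.1101 > c107-119.icpnet.pl.4662: S 4085659158:4085659158(0) win 60352 <mss 1460,nop,wscale 2,nop,nop,sackOK> (DF)
20:16:07.377474 pavelka.wc.3458 > 228.Red-81-37-104.pooles.rima-tde.net.6881: P 3817638609:3817639969(1360) ack 2853182455 win 64187 (DF)
"""

def summarize(text):
    """Per destination port: distinct peers, bare SYNs, packets on open flows."""
    stats = defaultdict(lambda: {"peers": set(), "syn": 0, "established": 0})
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # continuation lines and anything that is not a packet header
        _time, _src, _sport, dst, dport, flags = m.groups()
        entry = stats[dport]  # dport may be a number or a service name
        entry["peers"].add(dst)
        if flags == "S":      # outbound connection attempt
            entry["syn"] += 1
        else:                 # "P", ".", "F": traffic on an existing connection
            entry["established"] += 1
    return stats

def looks_like_port_scan(stats, min_ports=10):
    """Assumed heuristic: a scan touches many ports and never gets past SYN."""
    syn_only = [p for p, e in stats.items() if e["established"] == 0]
    return len(syn_only) >= min_ports

if __name__ == "__main__":
    stats = summarize(SAMPLE)
    for port, e in sorted(stats.items(), key=lambda kv: -len(kv[1]["peers"])):
        print(f"port {port}: {len(e['peers'])} peers, "
              f"{e['syn']} SYN, {e['established']} established")
    print("scan-like:", looks_like_port_scan(stats))
```

On a full capture, feed the output of `tcpdump -n` so that ports stay numeric instead of being shown as service names such as `socks`.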


