[mdlug] Strange Log Entry

Adam Behnke abehnke at gmail.com
Fri Apr 12 06:57:50 EDT 2013 

i'm thinking the window machine has been comprised and south africa is
poking around your internal network. the easiest fix/test is to
reformat/reinstall the windows box and see what happens.

btw, you should log into your router, disable telnet (pass through
protocols) if it's enabled and change the router logons username/password
too.


but i wear the tin foil hat around here...  :p


On Fri, Apr 12, 2013 at 5:03 AM, Jay Nugent <jjn at nuge.com> wrote:

> Greetings,
>
>
> On Thu, 11 Apr 2013, A. Zimmer wrote:
>
>  On Thu, 11 Apr 2013 22:46:05 -0400
>> Aaron Kulkis <akulkis00 at gmail.com> wrote:
>>
>>
>>> Sounds like the other machine is sending bad packets.
>>>
>>>
>> I don't know a lot about networking (which is why I'm asking here)
>> but UDP port 53 is for DNS related queries.  It seems that a DNS
>> server (196.21.79.50) is responding to a request from 192.168.0.4
>> with a bad packet.  But the address 192.168.0.4 does not exist
>> on my network.  The only machine that is connected is 192.168.0.2,
>> which is my Linux machine.  (My Windows box is shut off and when
>> connected has a different address.)
>>
>> IOW, if my machine is sending DNS queries (and using pdnsd it is
>> sending them) then the address for any responses from a DNS server
>> should be 192.168.0.2.  Where us this 192.168.0.4 coming from?
>>
>
>    Nothing happens in IP atop 802.3 ethernet without ARP.  Check your arp
> table to determine the MAC address of the ethernet card that sent the
> packet.
>
>       --- Jay
>
>         () ascii ribbon campaign in
>         /\ support of plain text e-mail
>
>   Averaging at least 3 days of MTBWTF!?!?!?
>  The solution for long term Internet growth is IPv6.
> +-----------------------------**------------------------------**
> -------------+
> | Jay Nugent   jjn at nuge.com    (734)484-5105    (734)649-0850/Cell       |
> |   Nugent Telecommunications  [www.nuge.com]                            |
> |   Internet Consulting/Linux SysAdmin/Engineering & Design              |
> | ISP Monitoring [www.ispmonitor.org] ISP & Modem Performance Monitoring |
> +-----------------------------**------------------------------**
> -------------+
>  05:01:01 up 266 days, 14:22,  2 users,  load average: 0.11, 0.13, 0.14
>
> ______________________________**_________________
> mdlug mailing list
> mdlug at mdlug.org
> http://mdlug.org/mailman/**listinfo/mdlug<http://mdlug.org/mailman/listinfo/mdlug>
>

More information about the mdlug mailing list