"Ricardo Castanho de O. Freitas" wrote:
> 
> Hi,
> 
> I've got this recently and I would like some input on what this could
> be...
> I hope it isn't an intrusion...;-(
> 
> Tabela de Roteamento IP do Kernel
> Destino         Roteador        MáscaraGen.    Opções   MSS Janela  irtt Iface
> 211.200.31.150  -               255.255.255.255 !H        - -          - -
> 200.176.230.0   *               255.255.255.0   U        40 0          0 eth0
> 192.168.0.0     *               255.255.255.0   U        40 0          0 eth1
> 127.0.0.0       *               255.0.0.0       U        40 0          0 lo
> default         200.176.230.1   0.0.0.0         UG       40 0          0 eth0
> 
> The very first one (211.200.31.150) is from HANARO Telcom (Korea...
> where else?)
> 
> It's not the first time though....
> 
> Any light?
> 

Very suspicious indeed! What does your output from "netstat -ltnp" show
you? Or you can try "netstat -an | grep ESTABLISHED", and see what that
output looks like. You must immediately start investigating (you are in
good shape to do this if you loaded some defensive programs, i.e. root
kit checking, tripwire, msec, etc.). I do not know your network setup but
I can see no reason why a foreign IP addy would be part of your routing
table. Did you run a "netstat -rn" too?

drjung

-- 
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson
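
Added example, not part of the original messages: a small shell/awk filter for the routing-table check discussed above. It lists every host route in `netstat -r`/`netstat -rn` output and says whether it is a reject route (`!` flag, per route(8)) or a forwarding entry. The function names are hypothetical; the sample table is the one quoted in the thread.

```shell
#!/bin/sh
# Added example: triage host routes in `netstat -r` / `netstat -rn` output.
# Columns are read by position (Destination Gateway Genmask Flags ... Iface),
# so localized headers such as the Portuguese ones in the thread do not matter.

flag_host_routes() {
    awk '
    # Keep only data rows whose destination is a dotted-quad IPv4 address;
    # this skips header lines and the symbolic "default" row.
    $1 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
    {
        dest = $1; gw = $2; mask = $3; flags = $4
        # A host route has a /32 genmask or carries the H flag.
        if (mask != "255.255.255.255" && flags !~ /H/) next
        # "!" marks a reject route: the kernel refuses traffic to that host.
        kind = (flags ~ /!/) ? "REJECT" : "FORWARD"
        printf "%s %s gw=%s iface=%s\n", kind, dest, gw, $NF
    }'
}

# Sample input: the table quoted in the thread, embedded so this runs offline.
sample_table() {
    cat <<'EOF'
Tabela de Roteamento IP do Kernel
Destino         Roteador        MáscaraGen.    Opções   MSS Janela  irtt Iface
211.200.31.150  -               255.255.255.255 !H        - -          - -
200.176.230.0   *               255.255.255.0   U        40 0          0 eth0
192.168.0.0     *               255.255.255.0   U        40 0          0 eth1
127.0.0.0       *               255.0.0.0       U        40 0          0 lo
default         200.176.230.1   0.0.0.0         UG       40 0          0 eth0
EOF
}

# On a live system: netstat -rn | flag_host_routes
sample_table | flag_host_routes
```

A `REJECT` line means traffic to that address is being blocked locally rather than redirected, so the follow-up question is which local tool or administrator added the entry; a `FORWARD` host route with an unfamiliar gateway deserves closer attention.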