I have some odd traffic coming off a fellow admin's firewall. It is going
from port 8 of the firewall to port 0 on another of his machines. I know 0
is an old Unix broadcast port, but what is on 8? Here is a log snippet:
Jul 12 06:26:29 polk kernel: Packet log: input DENY eth0 PROTO=1 111.222.111.2:8 111.222.111.5:0 L=60 S=0x00 I=8960 F=0x0000 T=31 (#21)
Can anyone enlighten me? I know the packets are getting denied, but I
would like to know what is going on here. I really need to better learn
how to read syslog. It appears that his network has been compromised, but
I don't know how, or for what purpose. Oh, the firewall is a Linux box
using ipchains. Thanks.
geoffrey
+++++++++++++++++++++++++++++++++++
Santa Claus,
the Tooth Fairy,
Windows 2000 ...
Some things you just outgrow.
++++++++++++++++++++++++++++++++++
Key fingerprint ===> E8E2 1EC4 6640 1F9A 5A09 0DB6 FC5E BDAA D9CB 6F04
Public key available upon request.
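
For PROTO=1 (ICMP), ipchains prints the ICMP type and code in the two positions where it prints source and destination ports for TCP and UDP. The following is an added example, not part of the original post, that decodes the logged entry on that basis; the names `decode`, `LOG_RE`, `IP_PROTOCOLS` and `ICMP_TYPES` are illustrative.

```python
import re

# Layout of an ipchains "Packet log" entry. An optional "+" is tolerated before
# the source address because some archives wrap the long line with one.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+)\s+\+?"
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?: \(#(?P<rule>\d+)\))?"
)

IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
ICMP_TYPES = {0: "echo reply", 3: "destination unreachable", 5: "redirect",
              8: "echo request", 11: "time exceeded"}


def decode(entry):
    """Return the parsed fields of one ipchains log entry plus a summary."""
    m = LOG_RE.search(entry)
    if m is None:
        raise ValueError("not an ipchains packet log entry")
    f = m.groupdict()
    proto = int(f["proto"])
    a, b = int(f["sport"]), int(f["dport"])
    name = IP_PROTOCOLS.get(proto, "protocol %d" % proto)
    if proto == 1:
        # ICMP has no ports: the two "port" fields are the ICMP type and code.
        f["icmp_type"], f["icmp_code"] = a, b
        what = "ICMP type %d (%s), code %d" % (a, ICMP_TYPES.get(a, "unlisted"), b)
    elif proto in (6, 17):
        what = "%s port %d -> port %d" % (name, a, b)
    else:
        what = name
    f["summary"] = "%s %s on %s: %s -> %s, %s, TTL %s, rule #%s" % (
        f["chain"], f["action"], f["iface"], f["src"], f["dst"], what,
        f["ttl"], f["rule"])
    return f


# Sample input: the log entry from the post above, wrapped with a "+" marker.
SAMPLE = ("Jul 12 06:26:29 polk kernel: Packet log: input DENY eth0 PROTO=1\n"
          "+111.222.111.2:8 111.222.111.5:0 L=60 S=0x00 I=8960 F=0x0000 T=31 (#21)")

if __name__ == "__main__":
    print(decode(SAMPLE)["summary"])
```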