On Tue, Aug 22, 2006 at 05:05:08PM +0200, Jonathan Schleifer wrote:
> Joachim Schipper <[EMAIL PROTECTED]> wrote:
>
> > More than a *sigh* is in order here. What's he doing on your network,
> > and where's the cluebat?
>
> He only used the gateway to surf the web. Oh, and not to forget: He's a
> user on the jabber server (jabberd2) running on my router, so he
> connected it.
>
> > There's a reference, so something seems to be holding open a
> > connection (or at least trying to; this is according to my reading of
> > man netstat | grep -A3 [Rr]ef). netstat(8) may be useful in finding
> > this connection, and tcpdrop(8) in dealing with it.
>
> According to netstat, there is no open connection?
> And what's strange: If I remove it manually and he restarts his
> machine, it's in the routing table again - as expected. But if he turns
> his PC off then the route won't timeout again.
>
> I think he's got some malware on his PC - that would be just typical
> for a Windows box (*sigh* Why are there still people using Windows
> seriously?). But how would that malware be able to keep the route even
> if the machine is off and there's no open connection?
>
Please send the output of "route -n get <IP>" -- the route timeout should
be included in this output. Do other machines on the LAN time out normally?

--
:wq Claudio