Mihai Anghelescu wrote:

on the gateway, though, a tcpdump shows a lot of traffic that has no business being there:
[18:55] [EMAIL PROTECTED]:/etc/udev# tcpdump -nevi eth1 src host 192.168.0.5
tcpdump: listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
18:55:09.177646 00:03:0d:2b:93:45 > 00:50:22:c8:67:1d, ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 3542, offset 0, flags [DF], proto: TCP (6), length: 48) 192.168.0.5.1154 > 192.168.52.136.5900: S, cksum 0x5a36 (correct), 1262423102:1262423102(0) win 65535 <mss 1460,nop,nop,sackOK>
18:55:09.178244 00:03:0d:2b:93:45 > 00:50:22:c8:67:1d, ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 3543, offset 0, flags [DF], proto: TCP (6), length: 48) 192.168.0.5.1155 > 192.168.114.201.5900: S, cksum 0xd2cf (correct), 759395166:759395166(0) win 65535 <mss 1460,nop,nop,sackOK>
18:55:09.924566 00:03:0d:2b:93:45 > 00:50:22:c8:67:1d, ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 3556, offset 0, flags [DF], proto: TCP (6), length: 48) 192.168.0.5.1156 > 192.168.7.174.5900: S, cksum 0x5f31 (correct), 734024602:734024602(0) win 65535 <mss 1460,nop,nop,sackOK>
18:55:09.924693 00:03:0d:2b:93:45 > 00:50:22:c8:67:1d, ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 3557, offset 0, flags [DF], proto: TCP (6), length: 48) 192.168.0.5.1157 > 192.168.33.92.5900: S, cksum 0xd249 (correct), 4089708238:4089708238(0) win 65535 <mss 1460,nop,nop,sackOK>
18:55:09.924723 00:03:0d:2b:93:45 > 00:50:22:c8:67:1d, ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 3558, offset 0, flags [DF], proto: TCP (6), length: 48) 192.168.0.5.1158 > 192.168.135.221.5900: S, cksum 0x3931 (correct), 185408028:185408028(0) win 65535 <mss 1460,nop,nop,sackOK>
18:55:09.924764 00:03:0d:2b:93:45 > 00:50:22:c8:67:1d, ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 3559, offset 0, flags [DF], proto: TCP (6), length: 48) 192.168.0.5.1159 > 192.168.222.231.5900: S, cksum 0xe567 (correct), 2632353024:2632353024(0) win 65535 <mss 1460,nop,nop,sackOK>

It's a trojan.
Try this on the gateway:
tcpdump -ni any -p host 192.168.0.5|grep PONG
After a few minutes you may find an IRC connection through which the trojan receives its commands.
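A defender-side way to spot the pattern in the capture above automatically, as an added example that is not part of the thread: it parses `tcpdump -nev` lines in the older format shown and flags a source that sends pure SYNs to one port across many distinct addresses within a short window. The sample lines are constructed in the same format as the post; the window, threshold and function names are assumptions.

```python
"""Flag hosts that SYN-sweep one destination port across many addresses, from
`tcpdump -nev` text output (old-style "S," flag notation as in the post)."""
import re
from collections import defaultdict
from datetime import datetime

# Matches the IPv4/TCP summary tcpdump prints: "<ts> ... <src>.<sport> > <dst>.<dport>: <flags>,"
PKT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) .*?"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): (?P<flags>[A-Z.]+),"
)

def parse_line(line):
    """Return (seconds-of-day, src, dst, dport, flags), or None for non-matching lines."""
    m = PKT_RE.search(line)
    if not m:
        return None
    t = datetime.strptime(m["ts"], "%H:%M:%S.%f")
    secs = t.hour * 3600 + t.minute * 60 + t.second + t.microsecond / 1e6
    return secs, m["src"], m["dst"], int(m["dport"]), m["flags"]

def find_syn_sweeps(lines, window=10.0, min_targets=5):
    """Group pure SYNs (flags 'S') by (src, dport); report a source as a sweeper when
    it contacts >= min_targets distinct destinations on one port within `window` seconds.
    Returns {(src, dport): distinct_targets_in_window}."""
    syns = defaultdict(list)  # (src, dport) -> [(secs, dst)]
    for line in lines:
        rec = parse_line(line)
        if rec and rec[4] == "S":  # bare SYN only; "S." (SYN-ACK), "P", "." are ignored
            secs, src, dst, dport, _ = rec
            syns[(src, dport)].append((secs, dst))
    hits = {}
    for key, events in syns.items():
        events.sort()
        for i, (t0, _) in enumerate(events):  # slide a window over the sorted SYNs
            targets = {d for t, d in events[i:] if t - t0 <= window}
            if len(targets) >= min_targets:
                hits[key] = len(targets)
                break
    return hits

# Constructed sample in the same format as the capture in the post: six SYNs to port 5900
# at distinct addresses, plus one unrelated data packet that must not count.
HDR = "00:03:0d:2b:93:45 > 00:50:22:c8:67:1d, ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id {}, offset 0, flags [DF], proto: TCP (6), length: 48)"
SAMPLE = [
    f"18:55:09.177646 {HDR.format(3542)} 192.168.0.5.1154 > 192.168.52.136.5900: S, cksum 0x5a36 (correct), 1262423102:1262423102(0) win 65535 <mss 1460,nop,nop,sackOK>",
    f"18:55:09.178244 {HDR.format(3543)} 192.168.0.5.1155 > 192.168.114.201.5900: S, cksum 0xd2cf (correct), 759395166:759395166(0) win 65535 <mss 1460,nop,nop,sackOK>",
    f"18:55:09.924566 {HDR.format(3556)} 192.168.0.5.1156 > 192.168.7.174.5900: S, cksum 0x5f31 (correct), 734024602:734024602(0) win 65535 <mss 1460,nop,nop,sackOK>",
    f"18:55:09.924693 {HDR.format(3557)} 192.168.0.5.1157 > 192.168.33.92.5900: S, cksum 0xd249 (correct), 4089708238:4089708238(0) win 65535 <mss 1460,nop,nop,sackOK>",
    f"18:55:09.924723 {HDR.format(3558)} 192.168.0.5.1158 > 192.168.135.221.5900: S, cksum 0x3931 (correct), 185408028:185408028(0) win 65535 <mss 1460,nop,nop,sackOK>",
    f"18:55:09.924764 {HDR.format(3559)} 192.168.0.5.1159 > 192.168.222.231.5900: S, cksum 0xe567 (correct), 2632353024:2632353024(0) win 65535 <mss 1460,nop,nop,sackOK>",
    f"18:55:10.100000 {HDR.format(3560)} 192.168.0.5.1160 > 192.168.0.1.22: P, cksum 0x1234 (correct), 1:29(28) ack 1 win 65535",
]
```

Feed it real output with `tcpdump -nev -i eth1 src host 192.168.0.5 | python3 -c '...'` style piping, or load a saved text capture; a hit on (src, 5900) is the same SYN sweep the poster saw by eye.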

_______________________________________________
RLUG mailing list
RLUG@lists.lug.ro
http://lists.lug.ro/mailman/listinfo/rlug
