Ricardo Castanho de O. Freitas wrote:
Hi,
I've got this recently and I would like some input on what this could
be...
I hope it isn't an intrusion...;-(
Tabela de Roteamento IP do Kernel
Destino         Roteador        MáscaraGen.     Opções  MSS Janela irtt Iface
211.200.31.150  -               255.255.255.255 !H      -   -      -    -
200.176.230.0   *               255.255.255.0   U       40  0      0    eth0
192.168.0.0     *               255.255.255.0   U       40  0      0    eth1
127.0.0.0       *               255.0.0.0       U       40  0      0    lo
default         200.176.230.1   0.0.0.0         UG      40  0      0    eth0
The very first one (211.200.31.150) is from HANARO Telcom (Korea...
where else?)
It's not the first time, though.
Any light?
Very suspicious indeed! What does your output from netstat -ltnp show
you? Or you can try netstat -an | grep ESTABLISHED, and see what that
output looks like. You must immediately start investigating (you are in
good shape to do this if you loaded some defensive programs, i.e. root
kit checking, tripwire, msec, etc.). I do not know your network setup but
I can see no reason why a foreign IP addy would be part of your routing
table. Did you run a netstat -rn too?
drjung
--
J. Craig Woods
UNIX/NT Network/System Administration
http://www.trismegistus.net/resume.html
Character is built upon the debris of despair --Emerson
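
An added example, not part of the original messages: in netstat -r output the "!" flag marks a reject route and "H" a host route, so the first entry makes the kernel refuse traffic to 211.200.31.150. The script below reads netstat -rn style output and lists reject routes and host routes to non-private addresses so they can be traced to whatever added them. The sample table is constructed from the one quoted above plus one made-up host route (198.51.100.7); audit_routes and sample_table are hypothetical names.

```shell
#!/bin/sh
# Added example. Reads `netstat -rn` style output on stdin and reports
# routes worth a closer look. Fields are taken by position (destination,
# gateway, genmask, flags), not by header text, so localized output such
# as the Portuguese table in this thread parses as well.
audit_routes() {
    awk '
    # Only lines whose third field is a dotted-quad netmask are routes;
    # this skips the title and header lines in any locale.
    $3 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { next }
    {
        dest = $1; gw = $2; mask = $3; flags = $4
        if (index(flags, "!") > 0) {
            # "!" is a reject route: traffic to dest is refused locally.
            printf "REJECT %s/%s flags=%s\n", dest, mask, flags
        } else if (index(flags, "H") > 0 &&
                   dest !~ /^(10\.|127\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)/) {
            # Host route to a non-private address: someone added it by hand
            # or a tool did; find out which.
            printf "HOSTROUTE %s via %s dev %s\n", dest, gw, $NF
        }
    }'
}

# Constructed sample: the table from this thread with its columns restored,
# plus one invented host route (198.51.100.7) to exercise the second check.
sample_table() {
    cat <<'EOF'
Tabela de Roteamento IP do Kernel
Destino         Roteador        MáscaraGen.     Opções  MSS Janela irtt Iface
211.200.31.150  -               255.255.255.255 !H      -   -      -    -
198.51.100.7    200.176.230.1   255.255.255.255 UGH     40  0      0    eth0
200.176.230.0   *               255.255.255.0   U       40  0      0    eth0
192.168.0.0     *               255.255.255.0   U       40  0      0    eth1
127.0.0.0       *               255.0.0.0       U       40  0      0    lo
default         200.176.230.1   0.0.0.0         UG      40  0      0    eth0
EOF
}

# Stand-alone run on the sample; on a live host use: netstat -rn | audit_routes
sample_table | audit_routes
```
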