LinuxQuestions.org
Old 08-21-2004, 08:33 PM   #1
af_dave
Member
 
Registered: May 2004
Distribution: Slackware 9.1
Posts: 37

Rep: Reputation: 15
Incorrect destination addy on subnet traffic


I've been getting a decent amount of traffic that has someone else listed on my subnet as the destination instead of myself. Generally some HTTP traffic or port 6436. The source is always listed as someone on my subnet.

Could this just be a portscan because of my strict firewall rules?
 
Old 08-25-2004, 12:41 PM   #2
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Could you give us some examples of the traffic?
 
Old 08-28-2004, 11:22 PM   #3
af_dave
Member
 
Registered: May 2004
Distribution: Slackware 9.1
Posts: 37

Original Poster
Rep: Reputation: 15
packet received from xxx.xxx.xxx.25 to xxx.xxx.xxx.48

Only my IP addy is xxx.xxx.xxx.15
 
Old 08-29-2004, 12:05 AM   #4
Capt_Caveman
Senior Member
 
Registered: Mar 2003
Distribution: Fedora
Posts: 3,658

Rep: Reputation: 57
Could you expand on that...how you're seeing those packets (log messages/packet sniffer/etc), what type of connection do you have (DSL/Cable), are you on a LAN with systems that have those IPs? Also if you could use tcpdump to capture a few example packets (use the -e option to dump link-level info), that might be informative.
 
Old 08-29-2004, 12:27 AM   #5
af_dave
Member
 
Registered: May 2004
Distribution: Slackware 9.1
Posts: 37

Original Poster
Rep: Reputation: 15
Yea, I have DSL and it's all appearing to come from the same subnet. Was using Snort and Ethereal. Was having some weird problems with my Linux box so it's down at the moment. I'm not on a LAN, just my ISP's network.
 
Old 08-29-2004, 02:43 AM   #6
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Your DSL connection may connect to a hub rather than a switch on the other side of the DSLAM, in which case the IP traffic would be echoed to all ports. That would be very, very strange though. It would also generate a huge amount of traffic if there are many other people in your area using DSL. It could be that there's so much traffic through the switch on your ISP's side that it actually floods the ARP cache and it briefly reverts to "hub mode". That would also be very weird.

Last edited by chort; 08-29-2004 at 02:45 AM.
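
Added example, not written by any poster in this thread: one way to sort `tcpdump -e -n` output by link-level destination, so that frames addressed to another NIC (the hub-like behaviour discussed above) are separated from ordinary broadcast, multicast and your own traffic. The MAC and IP values are constructed stand-ins (192.0.2.15 plays the role of xxx.xxx.xxx.15), and the line format assumed is the one current tcpdump prints with `-e`.

```python
import re
from collections import Counter

MY_MAC = "02:00:00:00:00:15"   # assumption: stand-in for the capturing host's NIC
MY_IP = "192.0.2.15"           # assumption: stand-in for xxx.xxx.xxx.15

# Constructed `tcpdump -e -n` lines, not captured from the thread.
SAMPLE = """\
12:00:01.000001 02:00:00:00:00:25 > 02:00:00:00:00:48, ethertype IPv4 (0x0800), length 74: 192.0.2.25.40112 > 192.0.2.48.80: Flags [S], seq 1, win 5840, length 0
12:00:01.000450 02:00:00:00:00:25 > 02:00:00:00:00:48, ethertype IPv4 (0x0800), length 66: 192.0.2.25.40113 > 192.0.2.48.6436: Flags [S], seq 9, win 5840, length 0
12:00:02.100000 02:00:00:00:00:25 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 192.0.2.1 tell 192.0.2.25, length 46
12:00:03.200000 02:00:00:00:00:01 > 02:00:00:00:00:15, ethertype IPv4 (0x0800), length 74: 198.51.100.7.80 > 192.0.2.15.51000: Flags [S.], seq 5, ack 2, win 5792, length 0
12:00:04.300000 02:00:00:00:00:30 > 01:00:5e:00:00:01, ethertype IPv4 (0x0800), length 60: 192.0.2.30 > 224.0.0.1: igmp query v2
12:00:05.400000 02:00:00:00:00:01 > 02:00:00:00:00:15, ethertype IPv4 (0x0800), length 74: 192.0.2.25.40114 > 192.0.2.48.80: Flags [S], seq 3, win 5840, length 0
"""

FRAME = re.compile(
    r"^\S+ (?P<src>[0-9a-f:]{17}) > (?P<dst>[0-9a-f:]{17}), "
    r"ethertype (?P<etype>\w+) \(0x[0-9a-f]{4}\), length \d+: (?P<rest>.*)$")
# Source "a.b.c.d" or "a.b.c.d.port", then the destination's first four octets.
IPV4_DST = re.compile(r"^\d+\.\d+\.\d+\.\d+(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)")

def classify(line, my_mac=MY_MAC, my_ip=MY_IP):
    """Return a label for one tcpdump -e line, or None if it does not parse."""
    m = FRAME.match(line)
    if not m:
        return None
    dst = m["dst"]
    if dst == "ff:ff:ff:ff:ff:ff":
        return "broadcast"
    if int(dst[:2], 16) & 1:           # group bit set in first octet: multicast
        return "multicast"
    if dst != my_mac:
        return "foreign-unicast"       # frame for another NIC reached our port
    ip = IPV4_DST.match(m["rest"]) if m["etype"] == "IPv4" else None
    if ip and ip.group(1) != my_ip:
        return "my-mac-other-ip"       # layer 2 says us, layer 3 says someone else
    return "to-me"

def summarize(text):
    """Count frames per label across a block of tcpdump -e output."""
    return Counter(c for c in map(classify, text.splitlines()) if c)

if __name__ == "__main__":
    for label, n in summarize(SAMPLE).most_common():
        print(f"{label:16} {n}")
```

A steady count of `foreign-unicast` frames is what a hub, or a switch flooding unicast, would produce; `my-mac-other-ip` instead points at the upstream device addressing another host's IP traffic to your NIC.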
 
  

