LinuxQuestions.org
Review your favorite Linux distribution.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
Reload this Page portsentry broadcasts ???
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 09-03-2006, 09:20 PM   #1
gabsik
Member
 
Registered: Dec 2005
Location: This planet
Distribution: Debian,Xubuntu
Posts: 567

Rep: Reputation: 30
portsentry broadcasts ???

I have found for the first time this logs from my gateway firewall:
Code:
Sep  4 03:55:46 argo BROADCASTS: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:93:3e:b0:32:08:00  SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=00 PREC=0x00 TTL=255 ID=4401 PROTO=UDP SPT=68 DPT=67 LEN=308
Sep  4 03:55:54 argo BROADCASTS: IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:0d:93:3e:b0:32:08:00  SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=00 PREC=0x00 TTL=255 ID=4402 PROTO=UDP SPT=68 DPT=67 LEN=308
They are coming from my lan interface eth1 and launching a :
Code:
root@argo:~# netstat -anptlu | grep 68
udp        0      0 0.0.0.0:68              0.0.0.0:*                          18351/portsentry
I found out they are coming from portsentry.
Now!
I have port 68 portsentry 'honeypot' from long time and it is the first time it goes broadcasting what 's happening ?Did it got compromise ?
Thanks for the help !
 
Old 09-04-2006, 02:06 AM   #2
camh
Member
 
Registered: Feb 2005
Distribution: Slack/Debian
Posts: 163
Blog Entries: 2

Rep: Reputation: 33
It looks like dhcp traffic.
 
Old 09-04-2006, 11:41 AM   #3
gabsik
Member
 
Registered: Dec 2005
Location: This planet
Distribution: Debian,Xubuntu
Posts: 567

Original Poster
Rep: Reputation: 30
That's right.
But i don't use dhcp , it only is as fake portsentry service,portsentry 'honeypot'.
 
Old 09-10-2006, 07:30 PM   #4
gabsik
Member
 
Registered: Dec 2005
Location: This planet
Distribution: Debian,Xubuntu
Posts: 567

Original Poster
Rep: Reputation: 30
Is portsentry able to build fake services going in broadcast noless?
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Getting broadcasts to the terminal debiant Linux - Networking 5 07-24-2006 09:51 AM
Problen with broadcasts in OpenVPN/bridging ValidiusMaximus Linux - Software 0 06-11-2005 08:08 AM
how to change notification email for portsentry and how to test portsentry roorings Linux - Security 1 11-04-2003 10:36 AM
Snort only sees broadcasts jymbo Linux - Security 4 10-01-2003 07:00 PM
Should I be worried about the NBNS broadcasts _LR_ Linux - Networking 3 05-21-2003 09:25 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 05:31 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration