Date: Tue, 6 Nov 2001 17:12:42 +0100 (CET) From: =?iso-8859-1?q?m=20p?= <sumirati@yahoo.de> To: cs052279@yahoo.com Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Have I been hacked? Message-ID: <20011106161242.6299.qmail@web13303.mail.yahoo.com>
next in thread | raw e-mail | index | archive | help
Chris wrote: > > That is the problem. The IP addresses listed here are > real. I have no machine with an IP of 0.0.0.0,68. It > is going from my firewall to the inside of my > network. > It looks like something on the firewall is looking for > a dhcp server. The IP 0.0.0.0 looks very suspicious > to me. Hi Chris, you are talking about a "firewall" here. Are you sure, that you have taken proper anti-spoofing-measures in your ruleset? The first idea is, take tcpdump and look what pakets are ariving at the outside of your firewall. IF they arrive _and_ the same packets are forwarded to your internal net modify your ruleset. If not, look at your firewall with sockstat for open ports and which program is using it. If you find something suspicous there ask again. Then you may had been hacked. Just my 0.02 DEM Marc __________________________________________________________________ Gesendet von Yahoo! Mail http://mail.yahoo.de To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011106161242.6299.qmail>