From owner-freebsd-questions@freebsd.org Sun Feb 12 17:38:02 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1D96FCDC733 for ; Sun, 12 Feb 2017 17:38:02 +0000 (UTC) (envelope-from thenewcq@optimum.net) Received: from mta11.srv.hcvlny.cv.net (mta11.srv.hcvlny.cv.net [167.206.4.220]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "mail.optonline.net", Issuer "DigiCert SHA2 Secure Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DA1B51278 for ; Sun, 12 Feb 2017 17:38:00 +0000 (UTC) (envelope-from thenewcq@optimum.net) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=optimum.net; s=dkim-001; t=1486919872; bh=M98clZ+qZV3PJ9pGDJFd1eQUD+eYap3bFm3BUD86fwc=; h=Date:From:To:Subject:Message-ID; b=HKN3mhO/sCdI7lPRycm/FhJlw3P0+zqeNbL9IcbqWt4PHWMbuK12zoC6fhwkoJNat +dhmBrIk8TreqxVEiLGwCN0S1j6J//ZHKDXONdQAVaEaCOZlrPhbrjanWlTq9VRjnu pwhU/W/nNyuwWfIM/KUrfEwMPLN3vGXlktpDbivndU8yKkIY/WFL8JhK6VQ3aJh6gs P2an122JEnUw7CUBk5Vmec914NGaAgvOPGF+hyFSUfvw41U4UnM3KtOm3Stw1hskXi 6z2WEp5ompOP8+i0us+0Q7WEUJ/kOJtikpCBtvRsHgetET6/pkqcR9tGxWp9mXLbwg xoF+zdqsJKslA== X-Content-Analysis: v=2.1 cv=U+Bvdrfu c=1 sm=1 tr=0 a=6ZHx/kdBrWiwm0FuVBO0fg==:117 a=6ZHx/kdBrWiwm0FuVBO0fg==:17 a=L9H7d07YOLsA:10 a=9cW_t1CCXrUA:10 a=s5jvgZ67dGcA:10 a=kj9zAlcOel0A:10 a=bAAmCkz9I0oA:10 a=-5WMeQcgAAAA:8 a=TbKYJJ8-SGjinKRWY4IA:9 a=CjuIK1q_8ugA:10 a=dqhHHgqGWK6PZCAJIYkV:22 Received: from [69.125.2.106] ([69.125.2.106:35073] helo=newer.home) by mta3.srv.hcvlny.cv.net (envelope-from ) (ecelerity 3.6.9.48312 r(Core:3.6.9.0)) with ESMTP id 55/D6-11926-0C890A85; Sun, 12 Feb 2017 12:17:52 -0500 Date: Sun, 12 Feb 2017 12:18:09 -0500 From: sixto areizaga To: freebsd-questions@freebsd.org, jon@radel.com Subject: Re: wireshark issue Message-ID: <20170212121809.5bf28626@newer.home> In-Reply-To: References: <20170209174405.5d551b88@newer.home> X-Mailer: Claws Mail 3.14.0 (GTK+ 2.24.29; i386-portbld-freebsd11.0) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Feb 2017 17:38:02 -0000 I cut all the answers short, hoping that you read to the bottom. > On 2/9/17 5:44 PM, sixto areizaga wrote: > > Has anyone experienced something similar or have any info about the > > following using wireshark... > > < SNIP> > > > > anyone have a similar problem? > On Thu, 09 Feb 2017 18:22:23 -0500 Jon Radel wrote: > Somebody already answered the first time you asked this question. Why > ask again? I didn't. The first time I wrote it, it never posted, but a different post did. so I resent it. At which point, they BOTH appeared. Dude, ...why so hostile? It's a whole lot simpler than that. Maybe a glitch in my email program. Thinking about posting about it. > Yes, there are people out on the Internet who constantly scan ipv4 < SNIP > > at large-- This is obvious - I am actually looking for an exploit. The thing I need to do is rule out wireshark. > just look at the log of failed connection attempts or fire > up a copy of wireshark. I dont understand? We WERE talking about wireshark?!? > If you don't like it, block the traffic using a firewall. You can I just blocked it altogether. And no I dont like it. > Really, the only part of your question that *I* find remotely > interesting is how you determined that the client is actually a copy > of putty running on a mobile device, or at least looks like it is? Two things I found interesting. The first is that you suggested I use wireshark. When Wireshark was what informed me it was putty. Which is starting to look like ....the second thing I found interesting, Why so hostile? Wireshark gave me an IP and that the connection was from putty, Whois and google told me that its a mobile communications company.... nmap gave me: Ports open include some windows ports... conclusion: A port scaning script running off some windows laptop or tablet, exploiting putty. on a network which seems to come from China. [China] which means ....Some one in my neighborhood is passing around hacking software to the "kiddies" ...again. YES, a pattern on my network. (and with *my* neighbors) Pease, keep all that hostility to yourself! As far as what you typed above about ...putty being interesting, I thought you were actually gonna give me more insite on my issue?!? > Somebody already answered the first time you asked this question. Honestly? ....look I am deleting what I originally wrote for the response, the world has enough negativity in it already, I aint gonna add to it.