Date: Tue, 6 Nov 2001 07:16:17 -0800 (PST) From: Chris <cs052279@yahoo.com> To: Tim Wilde <twilde@dyndns.org> Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Have I been hacked? Message-ID: <20011106151617.9015.qmail@web14803.mail.yahoo.com> In-Reply-To: <Pine.GSO.4.40.0111061004040.13169-100000@quartz.bos.dyndns.org>
next in thread | previous in thread | raw e-mail | index | archive | help
That is the problem. The IP addresses listed here are real. I have no machine with an IP of 0.0.0.0,68. It is going from my firewall to the inside of my network. It looks like something on the firewall is looking for a dhcp server. The IP 0.0.0.0 looks very suspicious to me. -Chris --- Tim Wilde <twilde@dyndns.org> wrote: > On Tue, 6 Nov 2001, Chris wrote: > > > 0.0.0.0,68 255.255.255.255,67 0/0 > udp > > 9264 3044133 2:00 > > > > This is something that concerns me since I don't > have > > any udp ports open incoming and I don't run a dhcp > > server off this box. Does anybody know what this > > could mean. > > That looks like an outgoing DHCP client request, not > something to do with > a DHCP server on the box - is the machine this comes > from requesting an IP > via DHCP? Check for "dhclient" running in a ps aux > or similar. > > Tim > > -- > Tim Wilde > twilde@dyndns.org > Systems Administrator > Dynamic DNS Network Services > http://www.dyndns.org/ > __________________________________________________ Do You Yahoo!? Find a job, post your resume. http://careers.yahoo.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011106151617.9015.qmail>