From owner-freebsd-questions Tue Nov 6 7:16:25 2001
Message-ID: <20011106151617.9015.qmail@web14803.mail.yahoo.com>
Date: Tue, 6 Nov 2001 07:16:17 -0800 (PST)
From: Chris
Subject: Re: Have I been hacked?
To: Tim Wilde
Cc: freebsd-questions@FreeBSD.ORG

That is the problem. The IP addresses listed here are real. I have no
machine with an IP of 0.0.0.0,68. It is going from my firewall to the
inside of my network. It looks like something on the firewall is looking
for a dhcp server. The IP 0.0.0.0 looks very suspicious to me.

-Chris

--- Tim Wilde wrote:
> On Tue, 6 Nov 2001, Chris wrote:
>
> > 0.0.0.0,68 255.255.255.255,67 0/0 udp
> > 9264 3044133 2:00
> >
> > This is something that concerns me since I don't have
> > any udp ports open incoming and I don't run a dhcp
> > server off this box. Does anybody know what this
> > could mean.
>
> That looks like an outgoing DHCP client request, not something to do with
> a DHCP server on the box - is the machine this comes from requesting an IP
> via DHCP? Check for "dhclient" running in a ps aux or similar.
>
> Tim
>
> --
> Tim Wilde
> twilde@dyndns.org
> Systems Administrator
> Dynamic DNS Network Services
> http://www.dyndns.org/