Date: Thu, 25 Nov 2004 01:35:15 -0800 (PST)
From: Dino Vliet <dino_vliet@yahoo.com>
To: freebsd-questions@freebsd.org
Subject: Help...am I being hacked?
Message-ID: <20041125093515.3557.qmail@web51104.mail.yahoo.com>

Hi all,

I'm using FreeBSD 4.10 on my laptop and I was browsing my filesystem and looking at some log files, when I stumbled into the file dmesg.yesterday in /var/log/.

The contents of this file worried me. Take a look at the last lines of it:

Connection attempt to TCP 192.168.1.101:5554 from 220.147.188.223:4970 flags:0x02
Connection attempt to TCP 192.168.1.101:9898 from 220.147.188.223:1288 flags:0x02
Connection attempt to TCP 192.168.1.101:21 from 168.126.102.33:57216 flags:0x02
Connection attempt to UDP 192.168.1.101:1026 from 222.88.173.5:31889
Connection attempt to TCP 192.168.1.101:9898 from 67.1.4.194:3161 flags:0x02

But my IP on this machine starts with 130. But I recognize these IPs (192.168.1.101), because at home I'm using an e-tech router and it assigns me through DHCP 192.168.1.* as IP address every time I connect my laptop with this. At the campus, I'm also using DHCP to connect to the network.

However, lately I haven't used my router at home and was only connecting through the network at the campus. There I get the IP address 130.37.28.112.

I have removed the old dhcp.leases in /var/db that had the information of my e-tech router.

I am using ipfw too now, but still it would be convenient to know where to look for hack attempts and look for log files which give information about connection attempts from outside.

Thanks in advance

Dino Vliet
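
A summarizer for the "Connection attempt to ..." lines quoted in the message above, added here as an example and not part of the original post: it tallies attempts per destination port and per source, decodes the TCP flags byte (0x02 is SYN), and lists destination addresses other than the one the host currently holds. The function names and the `local_addrs` parameter are assumptions of this example; the sample lines are the five from the message.

```python
import re
from collections import Counter, defaultdict

# Format of the lines quoted in the message; flags appear only on TCP entries.
LINE_RE = re.compile(
    r"Connection attempt to (?P<proto>TCP|UDP) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) from "
    r"(?P<src>[\d.]+):(?P<sport>\d+)(?: flags:0x(?P<flags>[0-9a-fA-F]+))?")
# TCP header flag bits, lowest bit first.
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

def parse_line(line):
    """Return a dict for one log line, or None if it is not a connection-attempt entry."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"], rec["sport"] = int(rec["dport"]), int(rec["sport"])
    bits = int(rec["flags"], 16) if rec["flags"] else 0
    rec["flags"] = [name for bit, name in TCP_FLAGS if bits & bit]
    return rec

def summarize(lines, local_addrs=()):
    """Count attempts per (proto, port), group probed ports per source, and
    collect destination addresses that are not in local_addrs (assumed parameter)."""
    by_port, by_src, other_dst = Counter(), defaultdict(set), set()
    for rec in filter(None, map(parse_line, lines)):
        key = (rec["proto"], rec["dport"])
        by_port[key] += 1
        by_src[rec["src"]].add(key)
        if local_addrs and rec["dst"] not in local_addrs:
            other_dst.add(rec["dst"])
    return by_port, by_src, other_dst

# The five lines from the message.
SAMPLE = """\
Connection attempt to TCP 192.168.1.101:5554 from 220.147.188.223:4970 flags:0x02
Connection attempt to TCP 192.168.1.101:9898 from 220.147.188.223:1288 flags:0x02
Connection attempt to TCP 192.168.1.101:21 from 168.126.102.33:57216 flags:0x02
Connection attempt to UDP 192.168.1.101:1026 from 222.88.173.5:31889
Connection attempt to TCP 192.168.1.101:9898 from 67.1.4.194:3161 flags:0x02
""".splitlines()

if __name__ == "__main__":
    ports, sources, other = summarize(SAMPLE, local_addrs=("130.37.28.112",))
    for (proto, port), n in ports.most_common():
        print(f"{proto}/{port}: {n} attempt(s)")
    for src, probed in sorted(sources.items()):
        print(f"{src} probed {sorted(probed)}")
    print("logged for addresses not currently held:", sorted(other))
```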