[Dshield] I think I caught something now what do I do?

James dshield at webfocus.com
Wed Mar 20 16:56:44 GMT 2002


What is your subnet mask that you were given from your ISP?


At 12:04 AM 3/20/2002 -0500, you wrote:
>You have to open this up wide to unwrap the lines, but here it is, I've 
>been sniffing my own line. I brought in some mail tonight and it shipped 
>itself out or tried to connect me somewhere. But I have the feed so now what?
><snip snip>
>it's an interesting question
>whois --> "aux-209-217-33-145.dallas.net:http" ?
>and what did I send them?
><snip snip>
>whois --> pcp890158pcs.centrl01.va.comcast.net ?
>trying to masquerade as my dns? pcp890158pcs ?
>That is someones computer for pete's sake!
>I saw this happen the other night too to the same addresses which is why 
>the heavy sniffer gear is going on.
>Anyone have any suggestions or ideas? John I will work on that procmail 
>package as quick as can be! I checked all recent mail that came in and 
>didn't find any links. It is perhaps this connection snuck in with the 
>mail? we are being CONSTANTLY pounded. I put a bag over the modem so as 
>not to have to look at it flashing incessantly.

More information about the list mailing list