[Dshield] I think I caught something now what do I do?
dshield at webfocus.com
Wed Mar 20 16:56:44 GMT 2002
What is your subnet mask that you were given from your ISP?
At 12:04 AM 3/20/2002 -0500, you wrote:
>You have to open this up wide to unwrap the lines, but here it is, I've
>been sniffing my own line. I brought in some mail tonight and it shipped
>itself out or tried to connect me somewhere. But I have the feed so now what?
>it's an interesting question
>whois --> "aux-209-217-33-145.dallas.net:http" ?
>and what did I send them?
>whois --> pcp890158pcs.centrl01.va.comcast.net ?
>trying to masquerade as my dns? pcp890158pcs ?
>That is someones computer for pete's sake!
>I saw this happen the other night too to the same addresses which is why
>the heavy sniffer gear is going on.
>Anyone have any suggestions or ideas? John I will work on that procmail
>package as quick as can be! I checked all recent mail that came in and
>didn't find any links. It is perhaps this connection snuck in with the
>mail? we are being CONSTANTLY pounded. I put a bag over the modem so as
>not to have to look at it flashing incessantly.
More information about the list