Guess what: I got a new alert message.

DROPPED IN=eth0 OUT= MAC=66.242.100.81 DST=66.255.255.255 LEN=*78* TOS=0X00 PREC=0X00 TTL=*64* ID=0 DF PROTO=UDP SPT=*137* DPT=*138* LEN=*58*

It says IN=eth0; but eth0 isn't even hooked up (just has the card). The MAC address it gives me is the IP address of the NIC and 66.255.255.255 looks like a reversed subnet mask. But according to ifconfig the mask is 255.255.255.255 (how is this possible?)

Then it went to the old alert message.

> ABORTED IN=ppp0 MAC= SRC=*66.242.102.40* DST=67.219.70.165 LEN=40 TOS=0X00
> PREC=0X00 TTL=116 ID=*58972* PROTO=TCP SPT=*110* DPT=*1170* SEQ=*678091395*
> ACK=*678091395* WINDOW=0 RES0X00 RST URGP=0
> (numbers between '*' changed)
> So what does all this mean?

--
<:-)Mike(-:>

Here is ifconfig:

bmike1@0[bmike1]$ ifconfig
eth0      Link encap:Ethernet  HWaddr 00:08:C7:CA:62:4B
          inet addr:66.242.100.81  Bcast:192.168.0.255  Mask:255.0.0.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:21 dropped:0 overruns:0 carrier:21
          collisions:0 txqueuelen:100
          RX bytes:0 (0.0 b)  TX bytes:2607 (2.5 KiB)
          Interrupt:9 Base address:0xd800 Memory:df100000-df100038

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:382 errors:0 dropped:0 overruns:0 frame:0
          TX packets:382 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:26221 (25.6 KiB)  TX bytes:26221 (25.6 KiB)

ppp0      Link encap:Point-to-Point Protocol
          inet addr:67.225.220.17  P-t-P:67.225.208.7  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:475 errors:0 dropped:0 overruns:0 frame:0
          TX packets:633 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3
          RX bytes:191196 (186.7 KiB)  TX bytes:49170 (48.0 KiB)

bmike1@0[bmike1]$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
tnt20.lax9.da.u *               255.255.255.255 UH    0      0        0 ppp0
66.0.0.0        *               255.0.0.0       U     0      0        0 eth0
default         tnt20.lax9.da.u 0.0.0.0         UG    0      0        0 ppp0

bmike1@0[bmike1]$ sudo iptables --list
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  vei.net              192.168.0.255
logaborted tcp  --  anywhere             anywhere            state RELATED,ESTABLISHED tcp flags:RST/RST
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere            icmp parameter-problem
nicfilt    all  --  anywhere             anywhere
srcfilt    all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere            icmp parameter-problem
srcfilt    all  --  anywhere             anywhere

Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere            icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere            icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere            icmp parameter-problem
s1         all  --  anywhere             anywhere

Chain f0to1 (4 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:netbios-ns state NEW
ACCEPT     udp  --  anywhere             anywhere            udp spts:1024:65535 dpt:netbios-ns
ACCEPT     udp  --  anywhere             anywhere            udp spt:netbios-ns dpt:netbios-ns
ACCEPT     udp  --  anywhere             anywhere            udp spts:1024:65535 dpt:netbios-dgm
ACCEPT     udp  --  anywhere             anywhere            udp spt:netbios-dgm dpt:netbios-dgm
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:netbios-ssn state NEW
ACCEPT     udp  --  anywhere             anywhere            udp spts:1024:65535 dpt:netbios-ssn
ACCEPT     icmp --  anywhere             anywhere            icmp source-quench
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:65535 dpt:ipp state NEW
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ipp
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:microsoft-ds state NEW
ACCEPT     udp  --  anywhere             anywhere            udp spt:netbios-ns dpts:1024:5999
ACCEPT     udp  --  anywhere             anywhere            udp spt:netbios-ns dpt:netbios-ns
ACCEPT     udp  --  anywhere             anywhere            udp spt:netbios-dgm dpt:netbios-dgm
ACCEPT     udp  --  anywhere             anywhere            udp dpts:6970:7170
ACCEPT     icmp --  anywhere             anywhere            icmp echo-reply
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:65535 dpts:1024:65535 state NEW
logdrop    all  --  anywhere             anywhere

Chain f1to0 (1 references)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            udp spt:netbios-ns dpts:1024:65535
ACCEPT     udp  --  anywhere             anywhere            udp spt:netbios-ns dpt:netbios-ns
ACCEPT     udp  --  anywhere             anywhere            udp spt:netbios-dgm dpt:netbios-dgm
ACCEPT     icmp --  anywhere             anywhere            icmp redirect
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:5999 dpts:5190:5193 state NEW
ACCEPT     udp  --  anywhere             anywhere            udp spts:1024:5999 dpts:5190:5193
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:5999 dpt:smtp state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:netbios-ns state NEW
ACCEPT     udp  --  anywhere             anywhere            udp spts:1024:5999 dpt:netbios-ns
ACCEPT     udp  --  anywhere             anywhere            udp spt:netbios-ns dpt:netbios-ns
ACCEPT     udp  --  anywhere             anywhere            udp spts:1024:5999 dpt:netbios-dgm
ACCEPT     udp  --  anywhere             anywhere            udp spt:netbios-dgm dpt:netbios-dgm
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:netbios-ssn state NEW
ACCEPT     udp  --  anywhere             anywhere            udp spts:1024:5999 dpt:netbios-ssn
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:5999 dpt:dict state NEW
ACCEPT     udp  --  anywhere             anywhere            udp dpt:3478
ACCEPT     udp  --  anywhere             anywhere            udp spts:1024:5999 dpt:time
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:5999 dpt:time state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:5999 dpt:1863 state NEW
ACCEPT     icmp --  anywhere             anywhere            icmp source-quench
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:554 state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:7070 state NEW
ACCEPT     udp  --  anywhere             anywhere            udp dpt:ntp
ACCEPT     udp  --  anywhere             anywhere            udp dpts:33434:33600
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:5999 dpt:www state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:5999 dpt:webcache state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:5999 dpt:8008 state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:5999 dpt:8000 state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:5999 dpt:8888 state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:5999 dpt:pop2 state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:5999 dpt:11999 state NEW
ACCEPT     udp  --  anywhere             anywhere            udp dpt:32816
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:5999 dpt:mysql state NEW
ACCEPT     icmp --  anywhere             anywhere            icmp echo-request
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:3030 state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:5999 dpt:jabber-client state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:5999 dpt:nntp state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:5999 dpts:6660:6669 state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:8765 state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:5999 dpt:5050 state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:5999 dpt:telnet state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:5999 dpts:5000:5001 state NEW
ACCEPT     udp  --  anywhere             anywhere            udp spts:1024:5999 dpt:5000
ACCEPT     udp  --  anywhere             anywhere            udp dpt:5061
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:5999 dpt:ftp state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:rsync state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:5999 dpt:https state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:kerberos state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:5999 dpt:pop3 state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:6346 state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:5999 dpt:pop3s state NEW
ACCEPT     udp  --  anywhere             anywhere            udp dpt:5060
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:5999 dpt:imaps state NEW
ACCEPT     udp  --  anywhere             anywhere            udp dpt:4000
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:65535 dpts:1024:65535 state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:5999 dpt:postgresql state NEW
ACCEPT     tcp  --  anywhere             anywhere            tcp spts:1024:5999 dpt:whois state NEW
ACCEPT     udp  --  anywhere             anywhere            udp dpt:43
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain state NEW
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
logdrop    all  --  anywhere             anywhere

Chain logaborted (1 references)
target     prot opt source               destination
logaborted2  all  --  anywhere             anywhere            limit: avg 1/sec burst 10
LOG        all  --  anywhere             anywhere            limit: avg 2/min burst 1 LOG level warning prefix `LIMITED '

Chain logaborted2 (1 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere            LOG level warning tcp-sequence tcp-options ip-options prefix `ABORTED '
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED

Chain logdrop (4 references)
target     prot opt source               destination
logdrop2   all  --  anywhere             anywhere            limit: avg 1/sec burst 10
LOG        all  --  anywhere             anywhere            limit: avg 2/min burst 1 LOG level warning prefix `LIMITED '
DROP       all  --  anywhere             anywhere

Chain logdrop2 (1 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere            LOG level warning tcp-sequence tcp-options ip-options prefix `DROPPED '
DROP       all  --  anywhere             anywhere

Chain logreject (0 references)
target     prot opt source               destination
logreject2 all  --  anywhere             anywhere            limit: avg 1/sec burst 10
LOG        all  --  anywhere             anywhere            limit: avg 2/min burst 1 LOG level warning prefix `LIMITED '
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
REJECT     udp  --  anywhere             anywhere            reject-with icmp-port-unreachable
DROP       all  --  anywhere             anywhere

Chain logreject2 (1 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere            LOG level warning tcp-sequence tcp-options ip-options prefix `REJECTED '
REJECT     tcp  --  anywhere             anywhere            reject-with tcp-reset
REJECT     udp  --  anywhere             anywhere            reject-with icmp-port-unreachable
DROP       all  --  anywhere             anywhere

Chain nicfilt (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
RETURN     all  --  anywhere             anywhere
logdrop    all  --  anywhere             anywhere

Chain s0 (1 references)
target     prot opt source               destination
f0to1      all  --  anywhere             vei.net
f0to1      all  --  anywhere             192.168.0.255
f0to1      all  --  anywhere             mepis1
f0to1      all  --  anywhere             1Cust17.tnt20.lax9.da.uu.net
logdrop    all  --  anywhere             anywhere

Chain s1 (1 references)
target     prot opt source               destination
f1to0      all  --  anywhere             anywhere

Chain srcfilt (2 references)
target     prot opt source               destination
s0         all  --  anywhere             anywhere
bmike1@0[bmike1]$

(notice that eth0 is a new entry. I wonder why it is being read now)

> Wait- this looks network related. Could this mean that my modem card is
> bad? The destination is my IP address and I guess the source address is the
> ISP. I just ran IFCONFIG and here is the output:
>
> bmike1@0[bmike1]$ ifconfig
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:50 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:50 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:2980 (2.9 KiB)  TX bytes:2980 (2.9 KiB)
>
> ppp0      Link encap:Point-to-Point Protocol
>           inet addr:67.219.70.165  P-t-P:67.219.0.40  Mask:255.255.255.255
>           UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
>           RX packets:1846 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:2286 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:3  RX bytes:447083 (436.6 KiB)
>           TX bytes:152819 (149.2 KiB)
> bmike1@0[bmike1]$
>
> Is there any way to fix this? Did some hackers get into my computer and
> screw things up?
>
> Please advise.
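Added example, not part of the original post: a small parser for iptables LOG lines of the kind quoted above, which checks each destination against the interface networks from the ifconfig output and notes NetBIOS datagrams and TCP resets. The two sample lines are constructed (modelled on the quoted alerts, with a documentation-range source address), and the function names are illustrative.

```python
import ipaddress
import re

# Interface address/netmask pairs as shown in the ifconfig output in the post.
INTERFACES = {"eth0": "66.242.100.81/255.0.0.0",
              "ppp0": "67.225.220.17/255.255.255.255"}
NETBIOS_PORTS = {"137": "netbios-ns", "138": "netbios-dgm", "139": "netbios-ssn"}
FIELD = re.compile(r"^([A-Z]+)=(.*)$")

# Constructed sample lines, modelled on the alerts quoted in the post.
SAMPLE_DROPPED = ("DROPPED IN=eth0 OUT= MAC= SRC=66.242.100.81 DST=66.255.255.255 "
                  "LEN=78 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP "
                  "SPT=137 DPT=138 LEN=58")
SAMPLE_ABORTED = ("ABORTED IN=ppp0 OUT= MAC= SRC=192.0.2.40 DST=67.225.220.17 "
                  "LEN=40 TOS=0x00 PREC=0x00 TTL=116 ID=58972 PROTO=TCP SPT=110 "
                  "DPT=1170 SEQ=678091395 ACK=678091395 WINDOW=0 RES=0x00 RST URGP=0")

def parse_log(line):
    """Split an iptables LOG line into its prefix, KEY=value fields and bare flags."""
    tokens = line.split()
    entry = {"prefix": tokens[0], "fields": {}, "flags": []}
    for tok in tokens[1:]:
        m = FIELD.match(tok)
        if m:
            # LEN appears twice for UDP (IP length, then UDP length); keep the first.
            entry["fields"].setdefault(m.group(1), m.group(2))
        else:
            entry["flags"].append(tok)  # e.g. DF, RST
    return entry

def describe(entry, interfaces=INTERFACES):
    """Return plain-language observations about one parsed log entry."""
    f, notes = entry["fields"], []
    iface = interfaces.get(f.get("IN", ""))
    if iface and f.get("DST"):
        net = ipaddress.ip_interface(iface).network
        # A /32 (point-to-point) network has no separate broadcast address.
        if net.num_addresses > 1 and ipaddress.ip_address(f["DST"]) == net.broadcast_address:
            notes.append(f"DST is the broadcast address of {net} on {f['IN']}")
    if f.get("PROTO") == "UDP" and f.get("DPT") in NETBIOS_PORTS:
        notes.append(f"UDP to {NETBIOS_PORTS[f['DPT']]} (NetBIOS)")
    if f.get("PROTO") == "TCP" and "RST" in entry["flags"]:
        notes.append(f"TCP reset from source port {f.get('SPT')}")
    return notes

if __name__ == "__main__":
    for line in (SAMPLE_DROPPED, SAMPLE_ABORTED):
        entry = parse_log(line)
        print(entry["prefix"], "->", "; ".join(describe(entry)) or "no notes")
```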