Server suddenly started receiving packets that do not belong to it
Pavel Kankovsky
peak at argo.troja.mff.cuni.cz
Fri Aug 5 16:12:57 CEST 2005
On Fri, 5 Aug 2005, Stepan Roh wrote:
> 15:18:10.192445 00:00:ca:f5:76:27 > ff:ff:ff:ff:ff:ff, ethertype IPv4
> (0x0800),length 418: 61.175.164.50.2315 > 86.49.13.194.1434: UDP, length
> 376
>
> 15:18:32.324060 00:00:ca:f5:76:27 > ff:ff:ff:ff:ff:ff, ethertype IPv4
> (0x0800),length 78: 222.232.18.185.4807 > 86.49.11.140.139: S
> 3657899717:3657899717(0) win 53760 <mss 1460,nop,wscale
> 3,nop,nop,timestamp 0 0,nop,nop,sackOK>
>
> They seem odd to me, because they are Ethernet broadcasts (I am right,
> am I not?) carrying packets from China and Korea, which is certainly not part of UPC.
But the destination addresses are UPC, aren't they? Otherwise those packets stink at first
sight; whoever sent them most likely did not have friendly intentions.
> The source MAC address is always 00:00:ca:f5:76:27, which is the MAC address
> of the default gateway for my subnet (86.49.11.1, my IP is 86.49.11.245,
> netmask 255.255.255.0). I would like to know why it sends out such
> broadcasts.
Apparently the gateway there has gone nuts. Whether on its own, or whether someone
helped it (perhaps with some ARP spoofing), that is another question...
--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."
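
Added example, not part of the original thread: a small filter over `tcpdump -e -n` output that picks out the pattern discussed above, frames addressed to the Ethernet broadcast MAC whose IP destination is an ordinary unicast address. The first two sample lines are the ones quoted in the message, joined onto one line each; the last two, and the name `find_misdelivered`, are constructed for illustration.

```python
import ipaddress
import re

# One "tcpdump -e -n" IPv4 line: time, src MAC > dst MAC, src IP.port > dst IP.port
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<smac>[0-9a-f:]{17}) > (?P<dmac>[0-9a-f:]{17}), "
    r"ethertype IPv4 \(0x0800\), ?length \d+: "
    r"(?P<sip>\d+\.\d+\.\d+\.\d+)\.\d+ > (?P<dip>\d+\.\d+\.\d+\.\d+)\.\d+:"
)
BROADCAST_MAC = "ff:ff:ff:ff:ff:ff"
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

def find_misdelivered(lines, local_if):
    """Return L2-broadcast frames that carry a unicast IP destination.

    local_if is this host's address with prefix, e.g. "86.49.11.245/24".
    """
    iface = ipaddress.ip_interface(local_if)
    net = iface.network
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["dmac"] != BROADCAST_MAC:
            continue  # unparsed line or normal unicast framing
        dip = ipaddress.ip_address(m["dip"])
        # A legitimate L2 broadcast carries an IP broadcast or multicast destination.
        if dip in (net.broadcast_address, LIMITED_BROADCAST) or dip.is_multicast:
            continue
        hits.append({
            "time": m["ts"], "src_mac": m["smac"],
            "src_ip": m["sip"], "dst_ip": m["dip"],
            "for_us": dip == iface.ip,
            "dst_in_local_subnet": dip in net,
        })
    return hits

SAMPLE = [
    # from the quoted capture (line wraps removed)
    "15:18:10.192445 00:00:ca:f5:76:27 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 418: 61.175.164.50.2315 > 86.49.13.194.1434: UDP, length 376",
    "15:18:32.324060 00:00:ca:f5:76:27 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 78: 222.232.18.185.4807 > 86.49.11.140.139: S 3657899717:3657899717(0) win 53760",
    # constructed: normal unicast delivery to the local host (local MAC is made up)
    "15:18:40.000001 00:00:ca:f5:76:27 > 00:11:22:33:44:55, ethertype IPv4 (0x0800), length 74: 192.0.2.10.443 > 86.49.11.245.51000: UDP, length 32",
    # constructed: legitimate subnet-directed broadcast
    "15:18:41.000002 00:11:22:33:44:66 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 92: 86.49.11.7.138 > 86.49.11.255.138: UDP, length 50",
]

if __name__ == "__main__":
    for hit in find_misdelivered(SAMPLE, "86.49.11.245/24"):
        print(hit)
```

If every hit shows the gateway's MAC as `src_mac`, as in the quoted capture, the next thing to compare is the host's ARP entry for 86.49.11.1 against the gateway's known hardware address.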