On Monday 09 May 2005 14:27, Mike Klinke wrote:
> Broadcasting what?
>
> Run tcpdump/windump or a similar packet capture utility on your LAN
> to capture the data. Just because you have a PC, Linux or Win,
> that uses a particular ephemeral port for outgoing connections is
> not an indication of something wrong. Normally a PC will increment
> its port usage and wrap around at port 65535 and begin again so
> it's going to run past all ephemeral ports eventually.

It looks like my laptop was sending packets from 31337 to port 36949 on another machine. The curious thing, though, is that the other machine is my server at home, which I check regularly for my e-mail. The events were last Thursday, and it happened twice.

Nevertheless, our IT guy insists that my laptop has been compromised. I've done chkrootkit on it and tightened down the firewall even more, but I can't find anything odd about it. My logs show no activity on that port for that date, but I wouldn't expect to see any.

--
Richard S. Crawford
http://www.mossroot.com