[Madlug] Thanks for the tips on port sources

John Kelly johnk at ecol.net
Mon Aug 26 15:03:56 CDT 2002


Thanks all.

I ran fuser and was able to identify the source application. Still have
weirdness with Mozilla 1.0, though. When I click on the address book
button in the main browser window, Mozilla starts running DNS queries
and ends up at find.com. Ethereal told me Mozilla is first connecting to
the mozilla.org domain and then making DNS queries that end up at
find.com (??). I've heard of exploits using redirects like that, but I
don't understand it very well (still a newbie for the most part). I
started wondering about trojans when I noticed my RAM dropping from
about 245mg to 3mg after I got online. PortSentry was eating it all up
with thousands of messages. Hope they were false positives. After a
solid dip into paranoia, I think I made an idiot of myself with my ISP
sending in my html packet logs. I'm getting a lot of port scans. 

At any rate, mucho thanks!

Cheers from Fox Mulder,
JK
-- 
John Kelly
johnk at ecol.net
http://www.ecol.net/~johnk/index.html
Your Fortune Cookie: 
You will greet a penguin today.
