Who's calling home?

Discussion in 'LnS English Forum' started by Kansai, Nov 13, 2005.

Thread Status:
Not open for further replies.
  1. Kansai

    Kansai Registered Member

    Joined:
    Nov 13, 2005
    Posts:
    4
    My logs are full of this dude trying to get out. Anyone know what or who it is? Should I be concerned?

    Any help appreciated. :)

    Kansai
     

    Attached Files:

    • Logs.jpg
  2. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    ff ff ff ff ff ff is a broadcast address in Ethernet (i.e. it reaches every other node in your local network). This is most likely to be DHCP (Dynamic Host Configuration Protocol - used to acquire an IP address and therefore both legitimate and necessary) but you would need to check the packet contents to be certain.
     
  3. Kansai

    Kansai Registered Member

    Joined:
    Nov 13, 2005
    Posts:
    4
    Thanks for the reply.
    How do I check the packet content?

    Kansai
     
  4. Paranoid2000

    Paranoid2000 Registered Member

    Joined:
    May 2, 2004
    Posts:
    2,839
    Location:
    North West, United Kingdom
    Use a packet sniffer like Ethereal or the Socket Spy function of Port Explorer.

    Edit: Socket Spy will only work with IP packets - you will probably need Ethereal. That broadcast packet could also have been an ARP request (see Address Resolution Protocol (arp) for more details).
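What "checking the packet contents" comes down to for a broadcast frame like the one discussed above, as an added example that is not part of the original posts: a Python function that takes the raw bytes of an Ethernet II frame (as captured by a sniffer) and reports whether it is ARP, a DHCP client message, or some other UDP broadcast. The function names and the MAC/IP addresses in the sample frames are constructed for illustration.

```python
import struct

BROADCAST = b"\xff" * 6
DHCP_TYPES = {1: "DISCOVER", 3: "REQUEST", 8: "INFORM"}

def ip(b):
    return ".".join(str(x) for x in b)

def dhcp_msg_type(opts):
    """Walk DHCP options (code, length, value); return option 53 or None."""
    i = 0
    while i + 2 < len(opts) and opts[i] != 255:   # 255 = end option
        if opts[i] == 0:                          # pad option has no length byte
            i += 1
            continue
        if opts[i] == 53 and opts[i + 1] == 1:
            return opts[i + 2]
        i += 2 + opts[i + 1]
    return None

def classify_broadcast(frame):
    """Describe what an Ethernet II frame sent to ff:ff:ff:ff:ff:ff carries."""
    if len(frame) < 14 or frame[:6] != BROADCAST:
        return "not an Ethernet broadcast"
    ethertype = struct.unpack("!H", frame[12:14])[0]
    p = frame[14:]
    if ethertype == 0x0806 and len(p) >= 28:                  # ARP
        oper = struct.unpack("!H", p[6:8])[0]
        kind = {1: "request", 2: "reply"}.get(oper, "op %d" % oper)
        return "ARP %s from %s for %s" % (kind, ip(p[14:18]), ip(p[24:28]))
    if ethertype == 0x0800 and len(p) >= 20 and p[9] == 17:   # IPv4 carrying UDP
        ihl = (p[0] & 0x0F) * 4
        if len(p) < ihl + 8:
            return "truncated UDP"
        sport, dport = struct.unpack("!HH", p[ihl:ihl + 4])
        bootp = p[ihl + 8:]
        if (sport, dport) == (68, 67) and bootp[236:240] == b"\x63\x82\x53\x63":
            return "DHCP " + DHCP_TYPES.get(dhcp_msg_type(bootp[240:]), "client message")
        return "UDP %d -> %d" % (sport, dport)
    return "other, EtherType 0x%04x" % ethertype

# Constructed sample frames (lengths/checksums left zero; the classifier ignores them).
SRC = bytes.fromhex("020000000001")
ARP_FRAME = (BROADCAST + SRC + bytes.fromhex("0806 0001 0800 06 04 0001") + SRC
             + bytes([192, 168, 1, 10]) + bytes(6) + bytes([192, 168, 1, 1]))
DHCP_FRAME = (BROADCAST + SRC + bytes.fromhex("0800 4500 0000 0000 0000 8011 0000")
              + bytes(4) + b"\xff" * 4 + struct.pack("!HHHH", 68, 67, 0, 0)
              + bytes([1, 1, 6, 0]) + bytes(232) + bytes.fromhex("63825363 350101 ff"))
```

A broadcast that is neither ARP nor DHCP falls through to the `UDP sport -> dport` branch, and the port pair is what to match against the owning process in a tool that maps sockets to programs.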
     
  5. Kansai

    Kansai Registered Member

    Joined:
    Nov 13, 2005
    Posts:
    4
    MSSQL server.exe

    Must have been a leftover when I was using TrackIT (help desk software) in my diploma course at tech.
    Port Explorer highlighted all the connections. I deleted the software and all is quiet in the logs again.

    Thanx for your time. Cheers.

    Kansai
     