On 2020-02-01 13:26, Ed Greshko wrote: > I'm pretty sure we tracked down what happened using arp to some degree. OK.... Maybe it wasn't that simple..... I just found my emails from 15 years ago. Glad I didn't delete them. :-) Turns out we saw the return/reject packets at the GW/FW which had Intrusion detection SW. This is what raised alarm bells. This tracked backto a system which they wanted to access but didn't have routing setup correctly. It didn't know where to send replies to the foreign IP so it sent it to the default route. That then lead usto the rogue system. So, I was mistaken. I enjoy being wrong twice in one day. -- The key to getting good answers is to ask good questions. _______________________________________________ users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/users@xxxxxxxxxxxxxxxxxxxxxxx
