On Thursday 18 March 2004 10:35 pm, Jim Laurino wrote: > Hello, > > I added a rule with this matching pattern to > the iptables firewall on my machine. > > -m conntrack --ctstate ESTABLISHED,RELATED > > I am logging the matches, the only packets matching are icmp destination > unreachable packets that are responses to - > a udp packet sent to dest ports 1026 or 1027 that has the source IP of my > machine. > > I have now done parallel tcpdump tracing, (among other tests) and I now > think the original udp packets do not come from me, but rather that someone > is spoofing my IP address. I agree with this latter explanation. http://isc.incidents.org/port_details.html?port=1026 http://www.mynetwatchman.com/kb/security/articles/popupspam http://www.lurhq.com/popup_spam.html Regards, Antony -- Success is a lousy teacher. It seduces smart people into thinking they can't lose. - William H Gates III Please reply to the list; please don't CC me.
