[Linux] what does that look like?

Terry Richards linux@flux.org
Mon, 18 Jun 2007 00:49:30 -0400 

>>
>> :-)^2
>>
>>
> this is just too weird. it is the laptop that looses the connection on 
> the lan. around 8-8:30 pm every sunday. the router seems to be fine.
> there is a connection after rebooting and i can get email - once. . 
> .then i start bittorrent and it starts doing its' thing. then i hit 
> get mail on thunderbird and the connection slowly peters out and dies. 
> reboot and it works.
>
>
ah-ha,

Jun 17 22:24:55 terry-richards-powerbook-g4 snort: [1:621:7] SCAN FIN 
[Classification: Attempted Information Leak] [Priority: 2]: {TCP} 
192.168.0.102:49163 -> 89.190.210.92:56565
Jun 17 22:24:57 terry-richards-powerbook-g4 snort: [1:621:7] SCAN FIN 
[Classification: Attempted Information Leak] [Priority: 2]: {TCP} 
192.168.0.102:49165 -> 82.10.212.114:57003
Jun 17 22:24:59 terry-richards-powerbook-g4 snort: [1:621:7] SCAN FIN 
[Classification: Attempted Information Leak] [Priority: 2]: {TCP} 
192.168.0.102:49169 -> 201.160.64.166:16649
Jun 17 22:24:59 terry-richards-powerbook-g4 snort: [1:621:7] SCAN FIN 
[Classification: Attempted Information Leak] [Priority: 2]: {TCP} 
192.168.0.102:49175 -> 66.169.48.45:6881
Jun 17 22:24:59 terry-richards-powerbook-g4 snort: [1:621:7] SCAN FIN 
[Classification: Attempted Information Leak] [Priority: 2]: {TCP} 
192.168.0.102:49176 -> 83.86.228.64:65308
Jun 17 22:24:59 terry-richards-powerbook-g4 snort: [1:621:7] SCAN FIN 
[Classification: Attempted Information Leak] [Priority: 2]: {TCP} 
192.168.0.102:49181 -> 72.130.179.91:17433
Jun 17 22:24:59 terry-richards-powerbook-g4 snort: [1:621:7] SCAN FIN 
[Classification: Attempted Information Leak] [Priority: 2]: {TCP} 
192.168.0.102:49190 -> 71.80.181.76:6881
Jun 17 22:25:30 terry-richards-powerbook-g4 snort: [1:485:4] ICMP 
Destination Unreachable Communication Administratively Prohibited 
[Classification: Misc activity] [Priority: 3]: {ICMP} 88.64.184.71 -> 
192.168.0.102
Jun 17 22:25:31 terry-richards-powerbook-g4 snort: (spp_arpspoof) 
Unicast ARP request
Jun 17 22:26:17 terry-richards-powerbook-g4 snort: (spp_arpspoof) 
Unicast ARP request
Jun 17 22:27:03 terry-richards-powerbook-g4 snort: (spp_arpspoof) 
Unicast ARP request
Jun 17 22:27:49 terry-richards-powerbook-g4 snort: (spp_arpspoof) 
Unicast ARP request
Jun 17 22:28:35 terry-richards-powerbook-g4 snort: (spp_arpspoof) 
Unicast ARP request

does this mean someone is using my laptop to send something to all those 
IPs  ??? maybe feeding info from {ICMP} 88.64.184.71 -> 192.168.0.102

> /|\
>