[Linux] what does that look like?
Terry Richards
linux@flux.org
Mon, 18 Jun 2007 17:00:34 -0400
Duh, i never thought of that!
I love you guys, my hair loves ya too
i could not tell yas how many times i have asked, "is it me or is it . . ."
over the years, more often than not; when i have a problem, it turns out
to be the ISP,
un-be--leave-able
:-) ^2
Nicholas Saraniti wrote:
>Which may be the source of your "Disconnects"....
>
>Some ISP's will FILTER/BLOCK/DISCONNECT Bittorrent and Bittorrent-Like
>traffic during peak hours/times on residential accounts...
>
>Bellsouth didn't do this until their recent merger with AT&T... I have
>noticed that now, as they slowly switch from Bell to AT&T systems, they
>appear to do this if you have Basic residential DSL service.
>
>If I'm using Bittorent at home, my router disconnects and reconnects
>every 5-10 minutes... No bitorrent (Anything else running).. And it
>stays connected for days....
>
>Aaron Wolfe wrote:
>
>
>>That's just what bittorrent looks like. Nothing to be alarmed about.
>>If you notice, it is your own computer generating the traffic. So yes,
>>"someone" is using your laptop to send that traffic.. it's you :)
>>
>>-Aaron
>>
>>
>>-----Original Message-----
>>From: linux-admin@flux.org [mailto:linux-admin@flux.org] On Behalf Of
>>Terry Richards
>>Sent: Monday, June 18, 2007 12:50 AM
>>To: linux@flux.org
>>Subject: [Linux] what does that look like?
>>
>>
>>
>>
>>
>>>>:-)^2
>>>>
>>>>
>>>>
>>>>
>>>>
>>>this is just too weird. it is the laptop that looses the connection on
>>>
>>>
>>>
>>
>>
>>
>>>the lan. around 8-8:30 pm every sunday. the router seems to be fine.
>>>there is a connection after rebooting and i can get email - once. .
>>>.then i start bittorrent and it starts doing its' thing. then i hit
>>>get mail on thunderbird and the connection slowly peters out and dies.
>>>
>>>
>>>
>>
>>
>>
>>>reboot and it works.
>>>
>>>
>>>
>>>
>>>
>>ah-ha,
>>
>>Jun 17 22:24:55 terry-richards-powerbook-g4 snort: [1:621:7] SCAN FIN
>>[Classification: Attempted Information Leak] [Priority: 2]: {TCP}
>>192.168.0.102:49163 -> 89.190.210.92:56565
>>Jun 17 22:24:57 terry-richards-powerbook-g4 snort: [1:621:7] SCAN FIN
>>[Classification: Attempted Information Leak] [Priority: 2]: {TCP}
>>192.168.0.102:49165 -> 82.10.212.114:57003
>>Jun 17 22:24:59 terry-richards-powerbook-g4 snort: [1:621:7] SCAN FIN
>>[Classification: Attempted Information Leak] [Priority: 2]: {TCP}
>>192.168.0.102:49169 -> 201.160.64.166:16649
>>Jun 17 22:24:59 terry-richards-powerbook-g4 snort: [1:621:7] SCAN FIN
>>[Classification: Attempted Information Leak] [Priority: 2]: {TCP}
>>192.168.0.102:49175 -> 66.169.48.45:6881
>>Jun 17 22:24:59 terry-richards-powerbook-g4 snort: [1:621:7] SCAN FIN
>>[Classification: Attempted Information Leak] [Priority: 2]: {TCP}
>>192.168.0.102:49176 -> 83.86.228.64:65308
>>Jun 17 22:24:59 terry-richards-powerbook-g4 snort: [1:621:7] SCAN FIN
>>[Classification: Attempted Information Leak] [Priority: 2]: {TCP}
>>192.168.0.102:49181 -> 72.130.179.91:17433
>>Jun 17 22:24:59 terry-richards-powerbook-g4 snort: [1:621:7] SCAN FIN
>>[Classification: Attempted Information Leak] [Priority: 2]: {TCP}
>>192.168.0.102:49190 -> 71.80.181.76:6881
>>Jun 17 22:25:30 terry-richards-powerbook-g4 snort: [1:485:4] ICMP
>>Destination Unreachable Communication Administratively Prohibited
>>[Classification: Misc activity] [Priority: 3]: {ICMP} 88.64.184.71 ->
>>192.168.0.102
>>Jun 17 22:25:31 terry-richards-powerbook-g4 snort: (spp_arpspoof)
>>Unicast ARP request
>>Jun 17 22:26:17 terry-richards-powerbook-g4 snort: (spp_arpspoof)
>>Unicast ARP request
>>Jun 17 22:27:03 terry-richards-powerbook-g4 snort: (spp_arpspoof)
>>Unicast ARP request
>>Jun 17 22:27:49 terry-richards-powerbook-g4 snort: (spp_arpspoof)
>>Unicast ARP request
>>Jun 17 22:28:35 terry-richards-powerbook-g4 snort: (spp_arpspoof)
>>Unicast ARP request
>>
>>does this mean someone is using my laptop to send something to all those
>>
>>IPs ??? maybe feeding info from {ICMP} 88.64.184.71 -> 192.168.0.102
>>
>>
>>
>>
>>>/|\
>>>
>>>
>>>
>>>