When I did netstat -M on my debian NAT firewall, I got the following entry:
prot expire source destination ports . . . tcp 118:59.12 zaphod.example.org 209.225.26.22 3294 -> 5000 (64996) . . . Zaphod is a Windows ME box. I recently read the article on Slashdot and K5 about zombies and am quite concerned. But I do not think that this program is a zombie because the thing on port 5000 of the remote box does not appear to be an IRC server. I'm preparing to set up a netstat script on my firewall to catch any packets on that connection, but I nmaped the foregin box, so if he's awake at all, he already knows that I know about him. Does anyone know what this is? -- Jordan Bettis <http://www.hafd.org/~jordanb/> Pray: To ask that the laws of the universe be annulled in behalf of a single petitioner, who is confessedly unworthy. -- Ambrose Bierce
