Hi All, I have encountered something different in my /var/log/snort/alert logs, and I am curious where on my system I can find further traces of this strange activity.
First off, I noticed entries such as the following when I did a grep in my snort alert logs:

...
02/03-21:43:16.160972 192.168.1.102:32813 -> 62.4.17.14:21
02/03-21:59:07.780078 72.14.207.104:80 -> 192.168.1.102:32834
...
02/04-13:48:12.098337 192.168.1.103:32806 -> 72.14.205.83:80
02/04-17:39:16.682634 212.190.72.70:80 -> 192.168.1.103:32941
02/04-18:22:05.951133 192.168.1.103 -> 142.167.182.55
02/04-18:22:10.594090 192.168.1.103:61005 -> 142.167.182.55:705
..

I don't know where the "192.168.1.102, 192.168.1.103" came from, because I only have two computers hooked up to my blue Linksys DSL router, whose IP addresses are constantly bound to 192.168.1.100 and 192.168.1.101 by DHCP. I checked the logs of both systems to check if they bound to this 102/103 address before, and they never did. These two computers cannot see each other, they just use the router to share the net.

Realizing this is not a networking problems mailing list, I am curious where on the Debian system I could further find traces of this IP if it is actually valid for my networking setup.

Bart