On Friday 20 Jan 2012 19:18:59 Grant wrote: > >> My firewall is blocking periodic outbound connections to port 3680 on > >> a Rackspace IP. How can I find out more about what's going on? Maybe > >> which program is generating the connection requests? > > > > Uh, a packet sniffer? > > > > I have an old laptop here that I have a second (cardbus) network card in. > > Really cheap and cheerful - the sort of thing you can pick up on > > freecycle. It's been a while since I've done anything like this, but you > > should be able to stick a box like that between the router and the rest > > of your network, run Wireshark and filter on that port. If the > > connection is encrypted then at least you'll see the originating IP. > > I've actually got the originating local IP from the shorewall log. > I'm just trying to figure out which program and maybe which user on > that system is generating the outbound requests to port 3680. Is > there any way to get more info without setting up a new box? > > > I don't think it's relevant that the IP belongs to Rackspace - don't they > > just hire (virtual) servers to anyone that wants one? > > Yeah I just meant the request could be going to "anyone". > > - Grant
Are you running NPDS in your LAN and is it configured to access any sites on rackspace? -- Regards, Mick
signature.asc
Description: This is a digitally signed message part.
