Wireshark · Ethereal-users: RE: [Ethereal-users] dealing with established connections (netstat -a)

Ethereal-users: RE: [Ethereal-users] dealing with established connections (netstat -a)

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Giles Scott" <gscott@xxxxxxxxxxxxxxxxx>

Date: Fri, 24 Jun 2005 02:34:51 -0700

You could an entry to the machines local host file something like this
should do.

127.0.0.1 opal.spod.org

Cheers

Giles

-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of nigel henry
Sent: Thursday, June 23, 2005 10:19 PM
To: ethereal-users@xxxxxxxxxxxx
Subject: [Ethereal-users] dealing with established connections (netstat
-a)

Hi folks. I've probably become a bit complacent using Linux, as Windoze
seems 
to be attracting most of the blackhat/scriptkiddie/cracker attention. I
fired 
up up one of my FC2 disros today to check for updates through apt-get
for 
Fedora legacy and planetccrma music apps. There were only 2. Beast and
caps. 
I've also got setiathome running on this distro through wine, so I
thought 
I'd let it run for a while and get a bit more of a data unit done.
(never 
know I might find ET). Then I saw a lot of incoming traffic on Ksim's
eth0 
monitor. Fired up Ethereal and saw this was coming from IP 195.92.99.99
. 
Whois merely took me back to Energis.com, who I presume is the ISP
asigned 
the block of addresses including this one. Netstat -a was more usefull. 
Showing my machine IP address the port ( a high numbered one) then Under

(Foreign Address) opal.spod.org:http  (State) ESTABLISHED.  A quick look
at 
Jeeves showed opal.spod.org is the server for www.uberworld.org , with a
very 
strong disclaimer on the page. I mean this looks a bit dodgy for a
start, 
likes looks like they are getting a lot of stick from disgruntled folks.
I've 
never used IRC, or any sort of chat room like this apart from MSN and
AIM 
through Gaim. As far as I know have never visited this site
(www.uberworld 
.com). How this has arrived on the machine I don't know. Without wishing
to 
ramble on. Can somebody let me know where I have to blacklist this 
(opal.spod.org), or if not a suggestion as to where to ask.


Main firewall: Smoothwall Express 2 (Totally Stealthed and confirmed by
Steve 
Gibsons Shields Up)

I've just re-booted this machine and the foreign entry (opal.spod.org)
is not 
present, but obviously I'm not happy with this situation. 

Many thanks in advance for any help with this. Nigel.

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users

Prev by Date: Re: [Ethereal-users] modem sniffing
Next by Date: Re: [Ethereal-users] Decoding CMIP Messages
Previous by thread: [Ethereal-users] dealing with established connections (netstat -a)
Next by thread: [Ethereal-users] capture_sync.c:625 assert failure in 0.10.11
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$