Re: from 127.0.0.1:80 to myIP:1838 on eth0

[Useru Chior <useru_chior () yahoo com>]

In-Reply-To: <20030928143541.14575.qmail () sf-www3-symnsj securityfocus com>

Latest reply in my e-mail account. By the way, please reply on the list. It is easier to follow. My reply is at the 
bottom.

From:   "jullian ortmann"
To:     useru chior
Date:   Wed, 01 Oct 2003 03:51:55 +0800
Subject:        127.0.0.1:80
        

Hi,

I just had a similar experience. My home network was down, I could ping 
ip addresses but no domain names. The linux and one windows box didn't 
make web app connections to the internet and another windows2000 did 
(also I had left the browser open to slashdot and went to work, I have no 
idea what kind of effect that has). As it turns out my isp had changed 
dns servers. After the gateway box was changed and the dns options 
reset in the win boxes everything was fine. The interesting thing is that 
the w2k box didn't have have any trouble prior to me resetting the dns 
info. The 127.0.0.1:80 error turned up in my snort logs on the 
gateway/firewall box, I haven't fully researched this yet but that was my 
experience and my general setup.

jullian
-- 
______________________________________________
http://www.linuxmail.org/
Now with e-mail forwarding for only US$5.95/yr

Powered by Outblaze



I do not think that the two incidents are connected. It looks to me like a probe of some sort. But I have no ideea what 
effect this probe would have on an unprotected machine. At this moment these strange packets are not appearing anymore 
on my network.
If anyone has any ideea, please post. Post even if the explanation is so simple it will make me feel stupid.

---------------------------------------------------------------------------
----------------------------------------------------------------------------