Security Basics mailing list archives
Re: from 127.0.0.1:80 to myIP:1838 on eth0
From: Useru Chior <useru_chior () yahoo com>
Date: 1 Oct 2003 08:14:37 -0000
In-Reply-To: <20030928143541.14575.qmail () sf-www3-symnsj securityfocus com> Latest reply in my e-mail account. By the way, please reply on the list. It is easier to follow. My reply is at the bottom. From: "jullian ortmann" To: useru chior Date: Wed, 01 Oct 2003 03:51:55 +0800 Subject: 127.0.0.1:80 Hi, I just had a similar experience. My home network was down, I could ping ip addresses but no domain names. The linux and one windows box didn't make web app connections to the internet and another windows2000 did (also I had left the browser open to slashdot and went to work, I have no idea what kind of effect that has). As it turns out my isp had changed dns servers. After the gateway box was changed and the dns options reset in the win boxes everything was fine. The interesting thing is that the w2k box didn't have have any trouble prior to me resetting the dns info. The 127.0.0.1:80 error turned up in my snort logs on the gateway/firewall box, I haven't fully researched this yet but that was my experience and my general setup. jullian -- ______________________________________________ http://www.linuxmail.org/ Now with e-mail forwarding for only US$5.95/yr Powered by Outblaze I do not think that the two incidents are connected. It looks to me like a probe of some sort. But I have no ideea what effect this probe would have on an unprotected machine. At this moment these strange packets are not appearing anymore on my network. If anyone has any ideea, please post. Post even if the explanation is so simple it will make me feel stupid. --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Re: from 127.0.0.1:80 to myIP:1838 on eth0 Useru Chior (Oct 01)