Re: I think I've been hacked...please help!

[Joe Warner <rootman22 () attbi com>]

dominik wrote:

> this is just normal traffic in a cable modem network.
> i've got a lot of arp queries,too. (all the time)
> the bootp queries to the broadcast adress are also normal.
> so don't worry...
>
> dominik

Ok, I was almost too embarrassed to respond and acknowledge
the idiocy of my last post but since so many people responded with
free tickets to the clue train, I think it's only fair that I should
respond with an explanation.

A while ago, when AT&T was still @home, I used Snort to monitor my
cable connection and I could swear that I didn't see any traffic like
this.  This is the first time that I've used Snort to monitor my
connection
after AT&T switched over to their own network (@attbi)

Shortly after I hit the "Send" button on my last message, I did a
"whois" on 12.254.196.1 and the other IP addresses and realized that it
was just
normal ARP queries coming from AT&T.

Sorry for wasting everyone's time and letting paranoia/panic get the
best of me.

Humbly,

Joe


--
If you think the problem is bad now, just wait until we've solved it.
                -- Arthur Kasspe




----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com