Hi all,
Just adding my few pennies' worth of info.
I had a lot of issues in one location I used to be at, and I got into a lot of network monitoring stuff.
The two things I found most useful were nmap and traceroute; below are sample outputs for my machine.
Code:
~$ nmap 127.0.0.1
Starting Nmap 6.00 ( http://nmap.org ) at 2013-12-09 21:40 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0013s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
80/tcp open http
631/tcp open ipp
3306/tcp open mysql
9090/tcp open zeus-admin
Nmap done: 1 IP address (1 host up) scanned in 0.37 seconds
As you can see it lists any services with their open ports.
You should try this on the remote IP that is / was sending you data, it may be interesting.
You don't want to do this too often to a single site, as it is also something hackers do, and it can result in getting your IP blacklisted, as it pulls a lot of resources off the terminal you are mapping.
A traceroute to Google is always interesting...
Code:
~$ traceroute www.google.com
traceroute to www.google.com (173.194.40.210), 30 hops max, 60 byte packets
1 xxx.xxx.x.x (xxx.xxx.x.x) 2.064 ms 2.750 ms 2.666 ms
2 xxx.xxx.x.x (xxx.xxx.x.x) 10.011 ms 14.395 ms 15.085 ms
3 mrs1rj-ae0.100.numericable.net (80.236.6.22) 14.917 ms 14.792 ms 14.702 ms
4 ip-214.net-80-236-0.static.numericable.fr (80.236.0.214) 14.658 ms 14.624 ms 14.529 ms
5 ip-209.net-80-236-0.static.numericable.fr (80.236.0.209) 16.673 ms 16.566 ms 16.405 ms
6 * 172.19.128.170 (172.19.128.170) 13.286 ms 10.916 ms
7 ip-161.net-80-236-1.static.numericable.fr (80.236.1.161) 10.101 ms 10.734 ms 13.521 ms
8 72.14.239.205 (72.14.239.205) 42.388 ms 22.008 ms 21.993 ms
9 209.85.243.51 (209.85.243.51) 14.360 ms 14.329 ms 14.291 ms
10 par10s12-in-f18.1e100.net (173.194.40.210) 14.057 ms 20.304 ms 21.372 ms
It may be interesting to see where the IP address that is being connected to is passing through.
Reputable ISPs aren't keen to have 'rogue' or 'hacker' IP addresses connecting via them, so they may be equally interested in getting this IP address blacklisted.
Good luck with your security searches, and with Ubuntu (or for you apparently K).
David
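As an added example (not David's code, and not part of the original post), here is a small Python parser for the two outputs shown above, so a scan of your own machine can be checked against the ports you expect to be listening, and traceroute hops (including `*` timeouts) can be read programmatically. The allow-list passed to `unexpected_open` is an assumption; adjust it to what your host should actually be serving.

```python
import re
# Sample outputs copied from the post above (traceroute trimmed to three hops).
NMAP_OUTPUT = """\
Starting Nmap 6.00 ( http://nmap.org ) at 2013-12-09 21:40 CET
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0013s latency).
Not shown: 996 closed ports
PORT STATE SERVICE
80/tcp open http
631/tcp open ipp
3306/tcp open mysql
9090/tcp open zeus-admin
Nmap done: 1 IP address (1 host up) scanned in 0.37 seconds
"""
TRACEROUTE_OUTPUT = """\
traceroute to www.google.com (173.194.40.210), 30 hops max, 60 byte packets
1 xxx.xxx.x.x (xxx.xxx.x.x) 2.064 ms 2.750 ms 2.666 ms
6 * 172.19.128.170 (172.19.128.170) 13.286 ms 10.916 ms
10 par10s12-in-f18.1e100.net (173.194.40.210) 14.057 ms 20.304 ms 21.372 ms
"""

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")  # nmap port rows
HOP_LINE = re.compile(r"^\s*(\d+)\s+(.*)$")                    # traceroute hop rows
RTT = re.compile(r"([\d.]+) ms")

def parse_nmap(text):
    # Returns [(port, proto, state, service), ...]; header/footer lines never match.
    ports = []
    for line in text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            ports.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return ports

def unexpected_open(text, allowed):
    # Open ports not on the allow-list of (port, proto) pairs you expect to be listening.
    return [(p, proto, svc) for p, proto, state, svc in parse_nmap(text)
            if state == "open" and (p, proto) not in allowed]

def parse_traceroute(text):
    # Returns [(hop, host_or_None, [rtt_ms, ...]), ...]; a '*' probe has no host/RTT.
    hops = []
    for line in text.splitlines():
        m = HOP_LINE.match(line)
        if not m:  # the 'traceroute to ...' header starts with a word, not a hop number
            continue
        rest = m.group(2)
        host = next((t for t in rest.split() if t != "*"), None)
        hops.append((int(m.group(1)), host, [float(x) for x in RTT.findall(rest)]))
    return hops
```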