[SOLVED-OT strange UDP]

Gregory D Hough mr6re9-mI4xJ4qlgtBiLUuM0BA3LQ at public.gmane.org
Tue Apr 20 01:24:53 UTC 2004


On 04/19/2004 09:21:28 AM, Noah John Gellner wrote:
> On Mon, 19 Apr 2004 08:05:15 -0400
> Gregory D Hough <mr6re9-mI4xJ4qlgtBiLUuM0BA3LQ at public.gmane.org> wrote:
> 
> > This packet may provide an additional clue. What is bcp? First of
> > all I do not use that address space anywhere in the network, someone
> > is either guessing or these were intended to reach another machine.
> 
> bcp:// is a further suggestion that your machine is being used by
> someone for filesharing using the donkey protocol. Have a look at:
> http://mail.gnu.org/archive/html/mldonkey-users/2002-12/msg00426.html
> for a discussion of the use of bcp and donkey.
> 
> Furthermore, after a donkey/mule session has been closed, there is a
> lot of network noise until all the other servers and clients finally
> realize that the session no longer exists. I don't know the technical
> details about this, but I am sure that the thread above will be able
> to provide the clues.
> 
> If it is at all possible that a user on your system is using something
> like amule, xmule, mldonkey, or perhaps other apps, this seems the
> most likely source of the weird traffic.
> 
> Hope this is helpful.
>
It most certainly was! Thanks for the heads up. I must've brought this  
on myself being a bit overzealous with the Patch-O-Matic kernel and  
iptables. I suspect my use of -j TARPIT on all those DPT=6129 SYN  
packets made it look like I had a donkey and now I feel like an ass... 
lol

Thanks again,
farmer6re9 
--
The Toronto Linux Users Group.      Meetings: http://tlug.ss.org
TLUG requests: Linux topics, No HTML, wrap text below 80 columns
How to UNSUBSCRIBE: http://tlug.ss.org/subscribe.shtml




