RE: IDLE USER Defeat Program? (fwd)

MegaZone (megazone@livingston.com)
Tue, 4 Jun 1996 11:06:11 -0700 (PDT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: MegaZone: "Idle timeout broken in 3.3.2b3? (fwd)"
Previous message: MegaZone: "IDLE USER Defeat Program? (fwd)"

Once upon a time Leslie Bester shaped the electrons to say...
>OK, I decided to read the manual and created a filter to watch this guys traffic, here is what I got.. WHAT DOES THIS MEAN?!

;-)

>TCP from 205.200.13.34.1860 to 205.200.13.2.23 seq 241AEF7, ack 0x0, win 8192, SYN
>TCP from 205.200.13.34.1860 to 205.200.13.2.23 seq 241AEF8, ack 0x55D00446, win 8616, ACK
>TCP from 205.200.13.34.1860 to 205.200.13.2.23 seq 241AEF8, ack 0x55D00446, win 8616, FIN ACK
>TCP from 205.200.13.34.1860 to 205.200.13.2.23 seq 241AEF9, ack 0x55D00446, win 0, RST
>TCP from 205.200.13.34.1860 to 205.200.13.2.23 seq 241AEF9, ack 0x55D00446, win 0, RST
>
>This sequence repeats every 60 seconds..
>205.200.13.2 is my Radius/Web/Shell Account/Home-Dir server.. and 23 appears to be telnet. But this user is not logged in via telnet.
>Any suggestions as to what this guy is doing?

Well, it looks like he definitely has a connection to port 23, or he is
continuously trying to establish one. Have you examined who is on that
socket on the host and what they are doing?

-MZ

--
Although I work for Livingston Enterprises Technical Support, I alone am
responsible for everything contained herein.  So don't waste my managers'
time bitching to them if you don't like something I've said.  Flame me.
Phone: 800-458-9966  support@livingston.com  <http://www.livingston.com/> 
FAX: 510-426-8951    6920 Koll Center Parkway #220, Pleasanton, CA 94566

Next message: MegaZone: "Idle timeout broken in 3.3.2b3? (fwd)"
Previous message: MegaZone: "IDLE USER Defeat Program? (fwd)"