1 |
On Friday 20 Jan 2012 19:18:59 Grant wrote: |
2 |
> >> My firewall is blocking periodic outbound connections to port 3680 on |
3 |
> >> a Rackspace IP. How can I find out more about what's going on? Maybe |
4 |
> >> which program is generating the connection requests? |
5 |
> > |
6 |
> > Uh, a packet sniffer? |
7 |
> > |
8 |
> > I have an old laptop here that I have a second (cardbus) network card in. |
9 |
> > Really cheap and cheerful - the sort of thing you can pick up on |
10 |
> > freecycle. It's been a while since I've done anything like this, but you |
11 |
> > should be able to stick a box like that between the router and the rest |
12 |
> > of your network, run Wireshark and filter on that port. If the |
13 |
> > connection is encrypted then at least you'll see the originating IP. |
14 |
> |
15 |
> I've actually got the originating local IP from the shorewall log. |
16 |
> I'm just trying to figure out which program and maybe which user on |
17 |
> that system is generating the outbound requests to port 3680. Is |
18 |
> there any way to get more info without setting up a new box? |
19 |
> |
20 |
> > I don't think it's relevant that the IP belongs to Rackspace - don't they |
21 |
> > just hire (virtual) servers to anyone that wants one? |
22 |
> |
23 |
> Yeah I just meant the request could be going to "anyone". |
24 |
> |
25 |
> - Grant |
26 |
|
27 |
Are you running NPDS in your LAN and is it configured to access any sites on |
28 |
rackspace? |
29 |
-- |
30 |
Regards, |
31 |
Mick |