>> >> My firewall is blocking periodic outbound connections to port 3680 on
>> >> a Rackspace IP. How can I find out more about what's going on? Maybe
>> >> which program is generating the connection requests?
>> >
>> > Uh, a packet sniffer?
>> >
>> > I have an old laptop here that I have a second (cardbus) network card in.
>> > Really cheap and cheerful - the sort of thing you can pick up on
>> > freecycle. It's been a while since I've done anything like this, but you
>> > should be able to stick a box like that between the router and the rest
>> > of your network, run Wireshark and filter on that port. If the
>> > connection is encrypted then at least you'll see the originating IP.
>>
>> I've actually got the originating local IP from the shorewall log.
>> I'm just trying to figure out which program and maybe which user on
>> that system is generating the outbound requests to port 3680. Is
>> there any way to get more info without setting up a new box?
>>
>> > I don't think it's relevant that the IP belongs to Rackspace - don't they
>> > just hire (virtual) servers to anyone that wants one?
>>
>> Yeah I just meant the request could be going to "anyone".
>>
>> - Grant
>
> Are you running NPDS in your LAN and is it configured to access any sites on
> rackspace?
> --
> Regards,
> Mick

I am not running NPDS. I looked it up when I was researching port
3680 and read about it for the first time. I know which machine is
making the requests. Any way to drill down further?
|
- Grant |
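
Added example, not part of the original thread: one way to attribute the port 3680 attempts to a process and user on the originating machine, assuming it runs Linux. It polls `/proc/net/tcp` for sockets whose remote port is 3680 and maps the socket inode to a PID; the sample table, addresses and helper names are constructed for illustration.

```python
import glob, os, socket, time
PORT = 3680  # destination port reported in the thread
STATES = {"01": "ESTABLISHED", "02": "SYN_SENT"}
# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 0A01A8C0:D431 0A0200C0:0E60 02 00000001:00000000 01:00000064 00000001  1000        0 22222 2 0000000000000000 100 0 0 10 0
"""

def decode_addr(hexaddr):
    """Decode 'IIIIIIII:PPPP' (IPv4 only; little-endian host assumed)."""
    ip, port = hexaddr.split(":")
    return socket.inet_ntoa(bytes.fromhex(ip)[::-1]), int(port, 16)

def find_outbound(table, port=PORT):
    """Return sockets in a /proc/net/tcp dump whose remote port matches."""
    hits = []
    for line in table.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        (lip, lport), (rip, rport) = decode_addr(f[1]), decode_addr(f[2])
        if rport == port:
            hits.append({"local": f"{lip}:{lport}", "remote": f"{rip}:{rport}",
                         "state": STATES.get(f[3], f[3]),
                         "uid": int(f[7]), "inode": f[9]})
    return hits

def owners(inode):
    """Map a socket inode to (pid, cmdline); run as root to see all users."""
    found = []
    for fd in glob.glob("/proc/[0-9]*/fd/*"):
        try:
            if os.readlink(fd) == f"socket:[{inode}]":
                pid = fd.split("/")[2]
                with open(f"/proc/{pid}/cmdline", "rb") as fh:
                    cmd = fh.read().replace(b"\0", b" ").decode(errors="replace")
                found.append((int(pid), cmd.strip()))
        except OSError:  # process or fd vanished, or permission denied
            continue
    return found

if __name__ == "__main__":
    while True:  # poll: a blocked connect only sits in SYN_SENT briefly
        with open("/proc/net/tcp") as fh:
            for hit in find_outbound(fh.read()):
                print(time.ctime(), hit, owners(hit["inode"]))
        time.sleep(0.2)
```

The `uid` column identifies the user even if the process exits before its PID can be resolved; IPv6 sockets are listed separately in `/proc/net/tcp6`, which this sketch does not parse.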