Re: Gentoo Linux you decide ( revision 2 )
> I have most of the hacked system on my nfs server and am bringing it
> to watch traffic.
> the trojan was sending data to ip address 220.127.116.11 on port 5353
> I cannot find who owns this IP address and it could be a decoy.
Read RFC 3171. That IP addr is part of the "Local Network
Control Block" of the "IPv4 multicast address".
A properly configured router should not allow a packet with
this destination address outside. Kind of like 192.168.*.*