Rogue Packets on Port 1027? - SSH


Thread: Rogue Packets on Port 1027?

  1. Re: Rogue Packets on Port 1027?

    Randy Yates writes:

    > Hi,
    >
    > THANKS much for the education/information. Perhaps the post
    > hadn't migrated to your usenet server yet, but I found the
    > problem - a misconfigured port forwarding page.
    >
    > Thanks so much for your help and ideas. I may check into the
    > openWRT firmware you wrote about, and it's nice to know the
    > netstat command information.


    Hi Randy,

    So is this to say that the root cause of these rogue packets that were
    leaking past your router was that you had some port forwarding
    configured that you weren't aware of or hadn't remembered?

    In addition to openwrt, there is also dd-wrt which also runs on your
    hardware revision. Your v3 of the wrt54g will still run these
    things pretty. It's in v5 where Linksys really gutted the device and
    dumbed it down.

    Best Regards,
    --
    Todd H.
    http://www.toddh.net/

  2. Re: Rogue Packets on Port 1027?

    comphelp@toddh.net (Todd H.) writes:

    > Randy Yates writes:
    >
    >> Hi,
    >>
    >> THANKS much for the education/information. Perhaps the post
    >> hadn't migrated to your usenet server yet, but I found the
    >> problem - a misconfigured port forwarding page.
    >>
    >> Thanks so much for your help and ideas. I may check into the
    >> openWRT firmware you wrote about, and it's nice to know the
    >> netstat command information.
    >
    > Hi Randy,
    >
    > So is this to say that the root cause of these rogue packets that were
    > leaking past your router was that you had some port forwarding
    > configured that you weren't aware of or hadn't remembered?


    Yup. Plain, stupid human error.

    And, to add insult to injury, I didn't discover the error through my
    trouble-shooting skills. As it turns out, my router shuffled the IP
    addresses yesterday, so my 104 system got renamed to 106. But since
    the forwarding IP addresses hadn't changed in the router, I was no
    longer getting the packets.

    > In addition to openwrt, there is also dd-wrt which also runs on your
    > hardware revision. Your v3 of the wrt54g will still run these
    > things pretty. It's in v5 where Linksys really gutted the device and
    > dumbed it down.


    Hmm. That's good to know - I was considering upgrading just to
    get the latest/greatest but I hear you saying I've got a good one.

    Thanks again.
    --
    % Randy Yates % "And all that I can do
    %% Fuquay-Varina, NC % is say I'm sorry,
    %%% 919-577-9882 % that's the way it goes..."
    %%%% % 'Getting To The Point', *Balance of Power*, ELO
    http://home.earthlink.net/~yatescr

  3. Re: Rogue Packets on Port 1027?

    Randy Yates writes:

    > Hmm. That's good to know - I was considering upgrading just to
    > get the latest/greatest but I hear you saying I've got a good one.


    Yeah, the hardware is still groovy. You've got 16meg of ram and 4mb
    of flash and all the third party firmwares love ya.
    http://www.dd-wrt.com/wiki/index.php/Supported_Devices

    If you wanted to do cool stuff like add OpenVPN support to your router
    or what not, give dd-wrt or openwrt a look.

    Best Regards,
    --
    Todd H.
    http://www.toddh.net/

  4. Re: Rogue Packets on Port 1027?

    In news:m3sl7ij30e.fsf@ieee.org,
    Randy Yates wrote:

    >> The packets aren't "getting through your router". They are being
    >> stopped by your router
    >
    > Then why would software that runs on my computer detect it?


    You said you're running wireshark, which is a packet analyzer. If the
    packet(s) get to your Internet interface and wireshark is listening on that
    interface, it will see them.

    $ echo 218.27.148.78 | jdresolve -r -n -
    218.27.148.78.jlccptt.net.cn


  5. Re: Rogue Packets on Port 1027?

    "ynotssor" writes:

    > In news:m3sl7ij30e.fsf@ieee.org,
    > Randy Yates wrote:
    >
    > >> The packets aren't "getting through your router". They are being
    > >> stopped by your router
    > >
    > > Then why would software that runs on my computer detect it?

    >
    > You said you're running wireshark, which is a packet analyzer. If the
    > packet(s) get to your Internet interface and wireshark is listening on that
    > interface, it will see them.


    You may have missed that he was running wireshark on a computer on the
    LAN side of his home gateway/router/firewall.

    Ultimately Randy discovered that there was port forwarding set up in
    the router left over from a prior experiment that was causing the
    traffic to reach his LAN machine, thus solving the mystery.

    Best Regards,
    --
    Todd H.
    http://www.toddh.net/
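
The root cause described in this thread (a forgotten forwarding rule pinned to a LAN address that DHCP later reassigned) can be caught by comparing the router's forwarding table with its current leases. The following is an added example, not code from any poster in the thread; the lease lines use the dnsmasq lease-file layout, and the addresses, host names, protocols and the forwarding-table export format are constructed assumptions.

```python
# Constructed sample data, not taken from the thread. Lease lines follow the
# dnsmasq lease-file layout: expiry-epoch, MAC, IP, hostname, client-id.
SAMPLE_LEASES = """\
1700003600 00:11:22:33:44:55 192.168.1.106 workstation 01:00:11:22:33:44:55
1700003600 66:77:88:99:aa:bb 192.168.1.101 laptop *
1700003600 cc:dd:ee:ff:00:11 192.168.1.110 * *
"""

# Hypothetical export of the router's port-forwarding page:
# (rule name, protocol, external port, internal target IP, intended host).
SAMPLE_FORWARDS = [
    ("old-experiment", "udp", 1027, "192.168.1.104", "workstation"),
    ("laptop-ssh", "tcp", 22, "192.168.1.101", "laptop"),
    ("printer-web", "tcp", 8080, "192.168.1.110", "printer"),
]


def parse_leases(text):
    """Return {ip: hostname or None} from dnsmasq-style lease lines."""
    leases = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or malformed line
        ip, hostname = fields[2], fields[3]
        leases[ip] = None if hostname == "*" else hostname
    return leases


def audit_forwards(forwards, leases):
    """Classify each rule as ok, stale (nothing at the target) or misdirected."""
    host_to_ip = {host: ip for ip, host in leases.items() if host}
    findings = []
    for name, proto, port, target, intended in forwards:
        if target not in leases:
            status = "stale"          # no current lease at the target address
        elif leases[target] != intended:
            status = "misdirected"    # port now exposes a different machine
        else:
            status = "ok"
        # Third field: where the intended host lives now, if it has a lease.
        findings.append((name, status, host_to_ip.get(intended)))
    return findings


if __name__ == "__main__":
    for name, status, now_at in audit_forwards(SAMPLE_FORWARDS, parse_leases(SAMPLE_LEASES)):
        print(f"{name:15} {status:12} intended host now at: {now_at}")
```

A "stale" rule is the situation Randy ended up in after the address shuffle; a "misdirected" rule is the riskier variant, where the forwarded port now lands on a machine that was never meant to be reachable.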

  6. Re: Rogue Packets on Port 1027?

    Randy:

    I have a suggestion for you about using Wireshark (and I agree, a great
    tool!). I found a book named "Practical Packet Analysis: Using Wireshark
    to Solve Real-World Network Problems" by Chris Sanders. I'm not
    pitching it nor do I make anything from its sale ... don't even know
    the author. It takes a noob approach to packet analysis that some here
    might find inadequate, but which was perfect for me. I found it very
    worthwhile. I'm a big fan of learning from printed material, though you
    might find the same info online.

    Rich

  7. Re: Rogue Packets on Port 1027?

    Rich Leitner writes:

    > Randy:
    >
    > I have a suggestion for you about using Wireshark (and I agree, a
    > great tool!). I found a book named "Practical Packet Analysis: Using
    > Wireshark to Solve Real-World Network Problems" by Chris Sanders. I'm
    > not pitching it nor do I make anything from its sale ... don't even
    > know the author. It takes a noob approach to packet analysis that some
    > here might find inadequate, but which was perfect for me. I found it
    > very worthwhile. I'm a big fan of learning from printed material,
    > though you might find the same info online.


    Sounds like a great idea, Rich. Thanks for the pointer. I'm a firm
    believer that the most important things are the basics, and that
    most everything else can be derived.
    --
    % Randy Yates % "With time with what you've learned,
    %% Fuquay-Varina, NC % they'll kiss the ground you walk
    %%% 919-577-9882 % upon."
    %%%% % '21st Century Man', *Time*, ELO
    http://home.earthlink.net/~yatescr
