Incoming packets

I am connected to the Internet via Kppp and a dialup Winmodem. On remaining
connected with no Internet application running, I see a continual stream of
low-amplitude incoming pulses in GkrellM. Kppp's details screen shows
absolutely nothing. I assume that they are harmless, but wou;d be
interested to know what they are. I have GuardDog running.

Doug.
--
The place to improve the world is first in one's own heart and head and
hands.
- Robert M. Persig

Doug Laidlaw wrote:
> I am connected to the Internet via Kppp and a dialup Winmodem. On remaining
> connected with no Internet application running, I see a continual stream of
> low-amplitude incoming pulses in GkrellM. Kppp's details screen shows
> absolutely nothing. I assume that they are harmless, but wou;d be
> interested to know what they are. I have GuardDog running.
>
> Doug.
Probably keepalive packets. Some dialup links are configured to hang up
or redial the connection if they see no traffic after a certain amount
of time. Keepalives prevent that disconnection.

Neil


--
Neil Horman
Red Hat, Inc., http://people.redhat.com/nhorman
gpg keyid: 1024D / 0x92A74FA1, http://www.keyserver.net

Doug Laidlaw <(E-Mail Removed)> wrote:

> I am connected to the Internet via Kppp and a dialup Winmodem. On
> remaining connected with no Internet application running, I see a
> continual stream of low-amplitude incoming pulses in GkrellM. Kppp's
> details screen shows
> absolutely nothing. I assume that they are harmless, but wou;d be
> interested to know what they are. I have GuardDog running.

Most probably, these are probes from P2P clients. Some of those
clients are very stubborn and try for hours even if there is
no local P2P client running anymore.

It could also be port scans from script kiddies. Some of these
dim wits scan the dial-up ports of ISPs continously in search of
vulnerable services.

To make sure, you can check this with tcpdump or ethereal.

Ciao, Horst
--
»When pings go wrong (It hurts me too)« E.Clapton/E.James/P.Tscharn

Doug Laidlaw wrote:

> I am connected to the Internet via Kppp and a dialup Winmodem. On
> remaining connected with no Internet application running, I see a
> continual stream of low-amplitude incoming pulses in GkrellM. Kppp's
> details screen shows
> absolutely nothing. I assume that they are harmless, but wou;d be
> interested to know what they are. I have GuardDog running.
>
> Doug.

Just a suggestion if you're worried... Guarddog does an ok job, but if
you're going to use a firewall util instead of managing your own iptables,
you could try Firestarter, which stealths all of your ports by default, so
you can't be scanned. Go to http://www.grc.com to have yourself scanned to
see if you're already stealthed or not. (keep clicking on every link that
says "Shields Up!" to get to the scanner. I think its three levels into the
site...)

Other's hypotheses about p2p and script kiddies are probably accurate...
there's also still a very large amount of 135 traffic looking for unpatched
and "nicely patched" Windows machines.

-Me

--
http://barfdader.com
"Beat your children at least once a day; if you don't know why, they do."
-A surprisingly famous guy