Steven T. Hatton wrote:
On Saturday 19 November 2005 06:40 pm, Anders Johansson wrote:
Then again, with the complete lack of information in the original mail, for all we know it could be someone trying to log on to a machine he is authorised to use and simply mistyped the IP address. I've done that many times.
No. This person was up to something more devious. There was an established connection and data being transferred. I do wish KSnuffle were still alive. I would have been able to get a lot more information quickly. When you're dealing with issues in real time, reading the manpage on tcpdump is not an option. I didn't feel like leaving the connection established while I researched how to extract details about it.
You still provide us with an astonishing lack of information. How did you determine data was being transferred without using tcpdump or similar? Were you guessing? Please, tell us how you determined this person logged in, and what exactly happened.