Re: DNS Activity - Strange or Not?

From: RainbowHat (nHiATlE@blSackholeP.mAit.edMu.invalid)
Date: 03/16/02

From: RainbowHat <nHiATlE@blSackholeP.mAit.edMu.invalid>
Date: Sat, 16 Mar 2002 06:26:02 +0000 (UTC)

< Morgan
>i've also checked the other boxes on my lan for rootkits /
>virii and have found nothing yet.

This is not an answer but a little suggestion. How about running
`tcpdump` on the internal interface? If there is a lot of traffic, the
cause is the other boxes. If not, the cause is your firewall box. That
way you can divide the problem. If it is the firewall box, how about
trying `netstat` or `lsof` with `grep 1099`? You can find which process
has port 1099 open.

Best Regards, RainbowHat.
a belief that even though you may not know all of what you need to solve 
a problem, if you tackle just a piece of it and learn from that, you'll 
learn enough to solve the next piece -- and so on, until you're done.
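
A plain `grep 1099` over `netstat` output also matches a process whose PID is 1099 or a port such as 10990. The sketch below is an added example, not part of the original post, and matches the local port field exactly. The sample `netstat -tulnp` output is constructed, and `sample_netstat` and `port_owner` are hypothetical helper names.

```shell
#!/bin/sh
# Constructed sample of Linux `netstat -tulnp` output (not from the original post).
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1099/sshd
tcp        0      0 0.0.0.0:1099            0.0.0.0:*               LISTEN      812/java
tcp        0      0 0.0.0.0:10990           0.0.0.0:*               LISTEN      900/backupd
tcp6       0      0 :::1099                 :::*                    LISTEN      812/java
udp        0      0 0.0.0.0:1099            0.0.0.0:*                           1500/named
EOF
}

# Read netstat-style lines on stdin and print "proto local-address pid/program"
# for every socket whose LOCAL port is exactly $1.
port_owner() {
    awk -v port="$1" '
        $1 ~ /^(tcp|udp)/ {
            # The port is whatever follows the last ":" (also works for ":::1099").
            n = split($4, a, ":")
            # UDP rows have no State column, so take the owner from the last field.
            if (a[n] == port) print $1, $4, $NF
        }'
}

# Naive match: counts the sshd row (PID 1099) and the 10990 row as well.
echo "grep 1099 matched $(sample_netstat | grep -c 1099) lines"

# Exact match on the local port only.
sample_netstat | port_owner 1099

# On the live firewall box, as root so that PIDs are shown:
#   netstat -tulnp | port_owner 1099
# lsof can filter by port itself:
#   lsof -nP -i :1099
```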