So in investigating my problem with mysterious spoofing packets, I learned/relearned some useful commands.
First "netstat -a -W" is good to see all the ports that are open. It also seems to give the same results if you're root and if you're not.
One problem I had with that output was that it doesn't relate the process to the socket. "lsof -i -n" on the other hand does just that. However, the output changes depending on whether or not your root. The info is much more complete when you're root.
Looks like if AOL terminates badly, it leaves a ppp interface alive. You can find it with "ifconfig".
"sudo ifconfig ppp0 delete" seems to make the route go away and hence nmbd stops broadcasting on those addresses.
The bigger question is: is this a security hole ? Am I suddenly allowing people on AOL (yikes) to bind to my shares on my mac ?
Posted by: rob at December 19, 2003 10:44 AM