Mike Miller wrote:
>
> On Sat, 31 Mar 2001, Mikhail Kovalenko wrote:
>
> > Mar 26 17:37:25 kernel: Packet log: input DENY eth0 PROTO=1
> > 209.225.26.99:8 (#12)
> > Mar 26 17:37:25 kernel: Packet log: input DENY eth0 PROTO=1
> > 216.33.46.132:8 (#12)
> > Mar 26 17:37:25 kernel: Packet log: input DENY eth0 PROTO=1
> > 64.69.165.251:8 (#12)
> > Mar 26 17:37:25 kernel: Packet log: input DENY eth0 PROTO=1
> > 209.225.26.99:8 (#12)
> > Mar 26 17:37:26 kernel: Packet log: input DENY eth0 PROTO=1
> > 64.69.165.251:8 (#12)
> > Mar 26 17:37:26 kernel: Packet log: input DENY eth0 PROTO=1
> > 216.33.46.132:8 (#12)
>
> What are you using? Your log doesn't look like iplog or tcp_wrappers log.
> I don't understand from your log which port those machines were accessing.
It's a stripped ipchains log. The packets above arrive on icmp "port" 0,
so here, it's a simple ping scan. There are a lot of scans lately for
ports 53 (dns - definitely related to the worm) and 137 (netbios - as
usual).
> Is it possible that your machine did something to evoke those responses?
> Otherwise you are saying that it is a coordinated effort by at least three
> different machines. I haven't had that happen to me during the one year
> while I've been keeping track of these things.
That's exactly what it is. And it happens quite a bit.
Cheers,
-- MK
<< Terra es et in terram ibis >>
--
To manage your subscription, go to http://mlug.missouri.edu/members/edit.php
Archives are available at http://mlug.missouri.edu/list-archives/
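
An added example, not part of the original message: a parser for the stripped ipchains lines quoted above that groups denied ICMP echo requests into bursts and reports the bursts that involve several distinct sources. The function names, the 5-second gap, the 3-source threshold and the year are assumptions, as is reading the `:8` after the source address as the ICMP type (8, echo request).

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

# The log lines quoted in the message, rejoined onto single lines.
SAMPLE = """\
Mar 26 17:37:25 kernel: Packet log: input DENY eth0 PROTO=1 209.225.26.99:8 (#12)
Mar 26 17:37:25 kernel: Packet log: input DENY eth0 PROTO=1 216.33.46.132:8 (#12)
Mar 26 17:37:25 kernel: Packet log: input DENY eth0 PROTO=1 64.69.165.251:8 (#12)
Mar 26 17:37:25 kernel: Packet log: input DENY eth0 PROTO=1 209.225.26.99:8 (#12)
Mar 26 17:37:26 kernel: Packet log: input DENY eth0 PROTO=1 64.69.165.251:8 (#12)
Mar 26 17:37:26 kernel: Packet log: input DENY eth0 PROTO=1 216.33.46.132:8 (#12)
""".splitlines()

Event = namedtuple("Event", "time action proto src sport")

# Matches the stripped form above; an optional syslog hostname and any fields
# between the source and "(#rule)" (destination, length, TTL ...) are skipped.
LINE_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) (?:\S+ )?kernel: Packet log: \S+ (\S+) \S+ "
    r"PROTO=(\d+) (\d+\.\d+\.\d+\.\d+):(\d+)\b.*\(#\d+\)\s*$")

def parse(line, year=2001):
    """Return an Event, or None for lines that are not ipchains packet logs."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, action, proto, src, sport = m.groups()
    # syslog omits the year; it is supplied by the caller (assumption).
    when = datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")
    return Event(when, action, int(proto), src, int(sport))

def coordinated_pings(lines, gap=timedelta(seconds=5), min_sources=3):
    """Group denied ICMP type-8 packets into bursts separated by more than
    `gap`; return (first, last, sources) for bursts with enough sources."""
    events = sorted(e for e in map(parse, lines)
                    if e and e.action == "DENY" and e.proto == 1 and e.sport == 8)
    bursts = []
    for e in events:
        if bursts and e.time - bursts[-1][-1].time <= gap:
            bursts[-1].append(e)
        else:
            bursts.append([e])
    return [(b[0].time, b[-1].time, sorted({e.src for e in b}))
            for b in bursts if len({e.src for e in b}) >= min_sources]

if __name__ == "__main__":
    for first, last, sources in coordinated_pings(SAMPLE):
        print(f"{first} .. {last}: echo requests from {', '.join(sources)}")
```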