[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Sheflug] Wierd packets etc.

To: sheflug [at] vuw.ac.nz
Subject: [Sheflug] Wierd packets etc.
From: Barrie Bremner <nospam [at] ecosse.net>
Date: Thu, 01 Jun 2000 01:17:08 +0100
List-help: <http://www.sheflug.co.uk>
List-owner: <mailto:sheflug-admins [at] vuw.ac.nz>
List-post: <mailto:sheflug [at] vuw.ac.nz>
List-subscribe: <mailto:sheflug-request [at] vuw.ac.nz?Subject=subscribe>
List-unsubscribe: <mailto:sheflug-request [at] vuw.ac.nz?Subject=unsubscribe>
Reply-to: "Sheflug" <sheflug [at] vuw.ac.nz>
Sender: nospam [at] rata.vuw.ac.nz
Sender: sheflug-bounce [at] vuw.ac.nz


I`ve had quite a few interesting things being reported to me recently by
portsentry/logcheck, two security program I installed on my system a few
months back.

 The stuff below is taken from my logs and mailled to me by my machine
when anything funny happens.

 Anyone got any idea exactly what the packet that this Korea geezer was
throwing at me was meant to achieve?
 

Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
May 16 02:12:13 localhost portsentry[672]: attackalert: Unknown Type:
Packet Flags: SYN: 1 FIN: 1 ACK: 0 PSH: 0 URG: 0 RST: 0 from host:
rrlab7.kaist.
ac.kr/143.248.151.179 to TCP port: 109
May 16 02:12:13 localhost portsentry[672]: attackalert: Host
143.248.151.179 has been blocked via wrappers with string: "ALL:
143.248.151.179"
May 16 02:12:13 localhost portsentry[672]: attackalert: Host
143.248.151.179 has been blocked via dropped route using command:
"/sbin/ipchains -I inpu
t -s 143.248.151.179 -j DENY -l"



****************************


And how/why am I being scanned by something/one else...I`ve got dynamic
IP address...not like I`m in any one `place`, so to speak for very long
at one time.

Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
May 30 21:57:32 localhost portsentry[672]: attackalert: SYN/Normal scan
from host: 195.76.27.44/195.76.27.44 to TCP port: 53
May 30 21:57:32 localhost portsentry[672]: attackalert: Host
195.76.27.44 has been blocked via wrappers with string: "ALL:
195.76.27.44"
May 30 21:57:32 localhost portsentry[672]: attackalert: Host
195.76.27.44 has been blocked via dropped route using command:
"/sbin/ipchains -I input -s 195.76.27.44 -j DENY -l"

 I assume there isn`t much else I can do, but sit and laugh at these log
entries is there?

 Baz.


-- 
Barrie J. Bremner

Email:      TheEnglishman [at] ecosse.net 
	    (PGP key available at my website)

URL:    http://www.geocities.com/thefatenglishman

Telephone:	UK 0131 313 3266
Mobile:		UK 07968 792975

	Quis custodiet ipsos custodes?
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.

Follow-Ups:
- [Sheflug] Wierd packets etc.
  - From: "Stephen J. Turnbull" <turnbull [at] sk.tsukuba.ac.jp>

Prev by Date: [Sheflug] How to redirect root`s mail.
Next by Date: Re: [Sheflug] How to redirect root`s mail.
Prev by thread: Re: [Sheflug] How to redirect root`s mail.
Next by thread: [Sheflug] Wierd packets etc.
Index(es):
- Date
- Thread