Date:      Wed, 04 Nov 1998 13:07:22 +0300
From:      Alla Bezroutchko <alla@sovlink.ru>
To:        security@FreeBSD.ORG
Subject:   Re: Is it an attack? Strange things logged by ipfw - more on that
Message-ID:  <3640275A.C3D01E5C@sovlink.ru>
References:  <Pine.BSF.3.96.981104143706.11812D-100000@gizmo.kyrnet.kg>

CyberPsychotic wrote:
> ~ Nov  3 00:44:53 buddy /kernel: ipfw: 65534 Deny TCP a.b.c.d:50818
> ~ aaa.aaa.aaa.aaa:1333 in via ex0
> ~ Nov  3 01:12:51 buddy /kernel: ipfw: 65534 Deny TCP e.f.g.h:50818
> ~ aaa.aaa.aaa.aaa:1565 in via ex0
> ~ Nov  2 11:15:37 buddy /kernel: ipfw: 65534 Deny TCP i.j.k.l:50818
> ~ aaa.aaa.aaa.aaa:1725 in via ex0
> ~ Oct 20 04:20:03 buddy /kernel: ipfw: 65534 Deny TCP m.n.o.p:50818

Some recent investigations showed even more interesting things. There
were connection attempts to three different IPs. One, as mentioned,
doesn't belong to anything, another is a '95 box and the third one is an
HP printer. Every destination address corresponds to a source port.
Source IPs are different, but some are used twice or thrice. Source ports
used: 50818, 20330, 26157.

This has been logged since October 5th (maybe it started earlier, I kept
logs only for a month) till yesterday, sometimes one probe in two or
three days, sometimes four probes a day.
  
> Nothing will help brain-damaged windoze machines. :)

Checked. Some of the source IPs belong to 'doze machines, some don't.
Brain-damaged unix? ;)

Ideas?

Alla.
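The correlation Alla did by hand (grouping the denied packets by source port and noting that each source port maps to exactly one destination, with a few source addresses recurring) can be reproduced over the ipfw(8) syslog format shown in the quoted lines. The following is an added example written for this archive page, not code from the thread or from FreeBSD; the log lines it parses are constructed in the same format as the quoted ones, using RFC 5737 documentation addresses in place of the poster's real hosts, and the three source ports come from the message above.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in the one-line ipfw(8) syslog format the thread
# quotes (the quoted copies were wrapped by the mailer). The addresses are
# RFC 5737 documentation ranges, not the original poster's hosts.
SAMPLE_LOG = """\
Oct 20 04:20:03 buddy /kernel: ipfw: 65534 Deny TCP 192.0.2.10:50818 198.51.100.1:1201 in via ex0
Nov  2 11:15:37 buddy /kernel: ipfw: 65534 Deny TCP 192.0.2.11:50818 198.51.100.1:1725 in via ex0
Nov  3 00:44:53 buddy /kernel: ipfw: 65534 Deny TCP 192.0.2.12:50818 198.51.100.1:1333 in via ex0
Nov  3 01:12:51 buddy /kernel: ipfw: 65534 Deny TCP 192.0.2.10:50818 198.51.100.1:1565 in via ex0
Nov  3 09:30:00 buddy /kernel: ipfw: 65534 Deny TCP 192.0.2.20:20330 198.51.100.2:1040 in via ex0
Nov  4 02:15:12 buddy /kernel: ipfw: 65534 Deny TCP 192.0.2.21:20330 198.51.100.2:1041 in via ex0
Nov  4 03:00:45 buddy /kernel: ipfw: 65534 Deny TCP 192.0.2.30:26157 198.51.100.3:1100 in via ex0
Nov  4 03:01:00 buddy /kernel: ipfw: 65534 Accept TCP 192.0.2.40:1234 198.51.100.1:25 in via ex0
"""

# One regex for the whole line: syslog timestamp, host, the ipfw tag, rule
# number, action, protocol, src:port, dst:port, direction and interface.
IPFW_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ /kernel: ipfw: "
    r"(?P<rule>\d+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\w+)$"
)


def parse_ipfw(text):
    """Return one dict per well-formed ipfw log line; other lines are skipped."""
    events = []
    for line in text.splitlines():
        m = IPFW_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        for key in ("rule", "sport", "dport"):
            e[key] = int(e[key])
        events.append(e)
    return events


def correlate_denies(events):
    """For denied TCP packets, map each source port to the set of destination
    addresses it was aimed at, and count how often each source address recurs
    (the 'used twice or thrice' observation in the message)."""
    dst_by_sport = defaultdict(set)
    src_counts = Counter()
    for e in events:
        if e["action"] != "Deny" or e["proto"] != "TCP":
            continue
        dst_by_sport[e["sport"]].add(e["dst"])
        src_counts[e["src"]] += 1
    return dst_by_sport, src_counts


def fixed_source_port_probes(events):
    """Source ports whose denied packets all went to exactly one destination.
    An ordinary client picks a fresh ephemeral port per connection, so a port
    that is reused from many sources toward one fixed target stands out."""
    dst_by_sport, _ = correlate_denies(events)
    return {sport: next(iter(dsts))
            for sport, dsts in dst_by_sport.items() if len(dsts) == 1}


if __name__ == "__main__":
    events = parse_ipfw(SAMPLE_LOG)
    for sport, dst in sorted(fixed_source_port_probes(events).items()):
        print(f"source port {sport} -> only destination {dst}")
    _, src_counts = correlate_denies(events)
    for src, n in src_counts.most_common():
        if n > 1:
            print(f"source {src} seen {n} times")
```

Feeding the real `/var/log/messages` into `parse_ipfw` instead of `SAMPLE_LOG` gives the same per-port and per-source breakdown; lines that are not ipfw records are ignored, and accepted packets are parsed but left out of the correlation.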
