Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 02 Oct 1999 17:10:56 -0400
From:      Stephen Derdau <sderdau@ne.mediaone.net>
To:        freebsd-questions@freebsd.org
Subject:   Is someone trying to hack my system ?
Message-ID:  <37F674E0.619A860F@ne.mediaone.net>

next in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format.
--------------649D2A6942A0DBC853D6E78C
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

Subject: Is someone trying break in ?

> Date: Sat, 02 Oct 1999 17:08:57 -0400
> From: Stephen Derdau <sderdau@ne.mediaone.net>
> To: freebsd-questions@ne.mediaone.net
>
> I've kinda been working on my security on my systems. IPFW !
> Now I'm seeing  stuff like this:
>
>  ipfw 65534 Deny UDP 167.216.187.155:1089 24.218.2.59:1025 in via ed0
>  ipfw 65534 Deny UDP 24.218.3.41:520 24.218.3.255:520 in via ed0
> ipfw: 65534 Deny UDP 167.216.187.155:1089 24.218.2.59:1025 in via ed0
> ipfw: 65534 Deny UDP 24.218.2.178:1455 255.255.255.255:8780 in via ed0
>  ipfw: 65534 Deny UDP 24.218.2.178:1460 255.255.255.255:28001 in via ed0
>
> ipfw: 65534 Deny UDP 24.218.2.49:27901 255.255.255.255:27910 in via ed0
> 65534 Deny UDP 24.218.2.127:8093 255.255.255.255:8349 in via ed0
>
> I'm seeing alot of this every few seconds and I'm wondering if this
> means
> someone is hacking my system or has or is trying.
>
> Thank You

--------------649D2A6942A0DBC853D6E78C
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Return-Path: <>
Received: from chmls06.mediaone.net ([24.128.1.71]) by
          chmls14.mediaone.net (Netscape Messaging Server 4.1) with ESMTP
          id FIZULD00.RPV for <sderdau@ne.mediaone.net>; Sat, 2 Oct 1999
          17:05:37 -0400 
Received: from localhost (localhost)
	by chmls06.mediaone.net (8.8.7/8.8.7) with internal id RAA07044;
	Sat, 2 Oct 1999 17:05:37 -0400 (EDT)
Date: Sat, 2 Oct 1999 17:05:37 -0400 (EDT)
From: Mail Delivery Subsystem <MAILER-DAEMON@chmls06.mediaone.net>
Message-Id: <199910022105.RAA07044@chmls06.mediaone.net>
To: <sderdau@ne.mediaone.net>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
	boundary="RAA07044.938898337/chmls06.mediaone.net"
Subject: Returned mail: User unknown
Auto-Submitted: auto-generated (failure)
X-Mozilla-Status2: 00000000

This is a MIME-encapsulated message

--RAA07044.938898337/chmls06.mediaone.net

The original message was received at Sat, 2 Oct 1999 17:05:37 -0400 (EDT)
from sderdau.ne.mediaone.net [24.218.2.59]

   ----- The following addresses had permanent fatal errors -----
<freebsd-questions@ne.mediaone.net>

   ----- Transcript of session follows -----
... while talking to chmls14.mediaone.net.:
>>> RCPT To:<freebsd-questions@ne.mediaone.net>
<<< 550 Invalid recipient <freebsd-questions@ne.mediaone.net>
550 <freebsd-questions@ne.mediaone.net>... User unknown

--RAA07044.938898337/chmls06.mediaone.net
Content-Type: message/delivery-status

Reporting-MTA: dns; chmls06.mediaone.net
Received-From-MTA: DNS; sderdau.ne.mediaone.net
Arrival-Date: Sat, 2 Oct 1999 17:05:37 -0400 (EDT)

Final-Recipient: RFC822; freebsd-questions@ne.mediaone.net
Action: failed
Status: 5.1.1
Remote-MTA: DNS; chmls14.mediaone.net
Diagnostic-Code: SMTP; 550 Invalid recipient <freebsd-questions@ne.mediaone.net>
Last-Attempt-Date: Sat, 2 Oct 1999 17:05:37 -0400 (EDT)

--RAA07044.938898337/chmls06.mediaone.net
Content-Type: message/rfc822

Return-Path: <sderdau@ne.mediaone.net>
Received: from ne.mediaone.net (sderdau.ne.mediaone.net [24.218.2.59])
	by chmls06.mediaone.net (8.8.7/8.8.7) with ESMTP id RAA07039;
	Sat, 2 Oct 1999 17:05:37 -0400 (EDT)
Sender: root
Message-ID: <37F67469.16F2D840@ne.mediaone.net>
Date: Sat, 02 Oct 1999 17:08:57 -0400
From: Stephen Derdau <sderdau@ne.mediaone.net>
X-Mailer: Mozilla 4.61 [en] (X11; I; FreeBSD 3.2-RELEASE i386)
X-Accept-Language: en
MIME-Version: 1.0
To: freebsd-questions@ne.mediaone.net
Subject: Is someone trying break in ?
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

I've kinda been working on my security on my systems. IPFW !
Now I'm seeing  stuff like this:

 ipfw 65534 Deny UDP 167.216.187.155:1089 24.218.2.59:1025 in via ed0
 ipfw 65534 Deny UDP 24.218.3.41:520 24.218.3.255:520 in via ed0
ipfw: 65534 Deny UDP 167.216.187.155:1089 24.218.2.59:1025 in via ed0
ipfw: 65534 Deny UDP 24.218.2.178:1455 255.255.255.255:8780 in via ed0
 ipfw: 65534 Deny UDP 24.218.2.178:1460 255.255.255.255:28001 in via ed0

ipfw: 65534 Deny UDP 24.218.2.49:27901 255.255.255.255:27910 in via ed0
65534 Deny UDP 24.218.2.127:8093 255.255.255.255:8349 in via ed0

I'm seeing alot of this every few seconds and I'm wondering if this
means
someone is hacking my system or has or is trying.

Thank You






--RAA07044.938898337/chmls06.mediaone.net--


--------------649D2A6942A0DBC853D6E78C--



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?37F674E0.619A860F>