Date: Sun, 03 Oct 1999 08:48:06 -0400
From: "Stephen A. Derdau" <sderdau@ne.mediaone.net>
To: Greg Lehey <grog@lemis.com>
Subject: Re: Is someone trying to hack my system ?
Message-ID: <37F75086.E83055B5@ne.mediaone.net>
References: <37F674E0.619A860F@ne.mediaone.net> <19991003121827.M40186@freebie.lemis.com>

Sorry you asked how far away web-associates-187-155.digisle.net is:

traceroute to 167.216.187.155 (167.216.187.155), 30 hops max, 40 byte packets
 1  mnrtr01-mnswt01-vlan13 (24.218.2.1)  2.429 ms  2.157 ms  3.976 ms
 2  drrsm01-mnrtr01 (24.128.0.137)  3.006 ms  3.168 ms  3.263 ms
 3  lrrtr01-drrsm01 (24.128.0.133)  3.248 ms  3.672 ms  3.652 ms
 4  lrgsr01-lrrtr01 (24.128.190.81)  4.154 ms  3.338 ms  4.546 ms
 5  lwgsr01-lrgsr01 (24.128.190.57)  3.542 ms  3.984 ms  3.742 ms
 6  lwrtr01-lwgsr01 (24.128.190.42)  4.150 ms  4.461 ms  4.557 ms
 7  166.48.197.249 (166.48.197.249)  7.406 ms  7.685 ms  8.625 ms
 8  corerouter1.WestOrange.cw.net (204.70.9.138)  12.613 ms  11.550 ms  13.233 ms
 9  bordercore3.WestOrange.cw.net (166.48.8.1)  11.755 ms  11.140 ms  12.436 ms
10  166.48.9.246 (166.48.9.246)  13.885 ms  13.416 ms  13.191 ms
11  atm0-1-0-402-rt75sc03-sc.digisle.net (167.216.162.102)  87.823 ms  87.329 ms  86.734 ms
12  atm0-1-0-402-rt75sc03-sc.digisle.net (167.216.162.102)  86.785 ms  86.935 ms  86.918 ms
13  atm0-1-0-402-rt75sc03-sc.digisle.net (167.216.162.102)  87.028 ms !X *  87.605 ms !X
$

Greg Lehey wrote:

> [Format recovered--see http://www.lemis.com/email/email-format.html]
>
> On Saturday, 2 October 1999 at 17:10:56 -0400, Stephen Derdau wrote:
> > Subject: Is someone trying break in ?
> >
> >> Date: Sat, 02 Oct 1999 17:08:57 -0400
> >> From: Stephen Derdau <sderdau@ne.mediaone.net>
> >> To: freebsd-questions@ne.mediaone.net
> >>
> >> I've kinda been working on my security on my systems. IPFW !
> >> Now I'm seeing stuff like this:
> >>
> >> ipfw 65534 Deny UDP 167.216.187.155:1089 24.218.2.59:1025 in via ed0
> >> ipfw 65534 Deny UDP 24.218.3.41:520 24.218.3.255:520 in via ed0
> >> ipfw: 65534 Deny UDP 167.216.187.155:1089 24.218.2.59:1025 in via ed0
> >> ipfw: 65534 Deny UDP 24.218.2.178:1455 255.255.255.255:8780 in via ed0
> >> ipfw: 65534 Deny UDP 24.218.2.178:1460 255.255.255.255:28001 in via ed0
> >> ipfw: 65534 Deny UDP 24.218.2.49:27901 255.255.255.255:27910 in via ed0
> >> 65534 Deny UDP 24.218.2.127:8093 255.255.255.255:8349 in via ed0
> >>
> >> I'm seeing a lot of this every few seconds and I'm wondering if this
> >> means someone is hacking my system or has or is trying.
>
> Since your own machine is 24.218.2.59, it would be reasonable to
> assume that most of these addresses are on your local net.
> 167.216.187.155 is web-associates-187-155.digisle.net. Do you
> recognize them? How far away are they? These things could be as
> simple as some kind of broadcast packet.
>
> The rest of your message appears to be a repetition.
>
> Greg
> --
> When replying to this message, please copy the original recipients.
> For more information, see http://www.lemis.com/questions.html
> See complete headers for address, home page and phone numbers
> finger grog@lemis.com for PGP public key
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
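
The suggestion in the quoted reply, that these denies could be broadcast packets, can be checked mechanically. The following is an added example, not part of the original thread: it sorts the quoted ipfw lines by destination type so that only traffic addressed to the host itself from off-net sources is left for closer review. The /23 local network is an assumption (the thread gives no netmask), and the function names are illustrative.

```python
import ipaddress
import re
from collections import Counter

# Log lines copied from the quoted message (the "ipfw:" prefix varies there).
SAMPLE = """\
ipfw 65534 Deny UDP 167.216.187.155:1089 24.218.2.59:1025 in via ed0
ipfw 65534 Deny UDP 24.218.3.41:520 24.218.3.255:520 in via ed0
ipfw: 65534 Deny UDP 167.216.187.155:1089 24.218.2.59:1025 in via ed0
ipfw: 65534 Deny UDP 24.218.2.178:1455 255.255.255.255:8780 in via ed0
ipfw: 65534 Deny UDP 24.218.2.178:1460 255.255.255.255:28001 in via ed0
ipfw: 65534 Deny UDP 24.218.2.49:27901 255.255.255.255:27910 in via ed0
65534 Deny UDP 24.218.2.127:8093 255.255.255.255:8349 in via ed0
"""

# rule number, protocol, src ip:port, dst ip:port, interface
LINE = re.compile(r"(\d+) Deny (\w+) ([\d.]+):(\d+) ([\d.]+):(\d+) in via (\w+)")

MY_IP = ipaddress.ip_address("24.218.2.59")  # stated in the quoted reply
# ASSUMPTION: the thread gives no netmask; /23 is a guess that covers
# both 24.218.2.x and 24.218.3.x. Replace with the real prefix.
LOCAL_NET = ipaddress.ip_network("24.218.2.0/23")
LIMITED_BCAST = ipaddress.ip_address("255.255.255.255")

def classify(src, dst, my_ip=MY_IP, local_net=LOCAL_NET):
    """Label one denied packet by what its destination address means."""
    if dst == LIMITED_BCAST:
        return "limited-broadcast"
    if dst == local_net.broadcast_address:
        return "directed-broadcast"
    if dst == my_ip:
        return "unicast-from-local" if src in local_net else "unicast-from-remote"
    return "other"

def triage(log_text):
    """Return {category: Counter({(src, proto, dst_port): hits})}."""
    result = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # not an ipfw deny line in the format shown above
        _rule, proto, src, _sport, dst, dport, _iface = m.groups()
        cat = classify(ipaddress.ip_address(src), ipaddress.ip_address(dst))
        result.setdefault(cat, Counter())[(src, proto, int(dport))] += 1
    return result

if __name__ == "__main__":
    for cat, hits in sorted(triage(SAMPLE).items()):
        for (src, proto, dport), n in hits.most_common():
            print(f"{cat:20} {n}x {src} -> {proto}/{dport}")
```

Under the assumed prefix, five of the seven lines are broadcasts from neighbours on the same segment; the two remaining lines are the packets from 167.216.187.155 addressed to the host's own UDP port 1025.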