Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 4 Apr 2000 18:36:47 -0400 (EDT)
From:      Stan Brown <stanb@netcom.com>
To:        freebsd-net@FreeBSD.ORG (FreeBSD Networking)
Subject:   I am being atacked!
Message-ID:  <200004042236.PAA02469@netcom.com>
next in thread | raw e-mail | index | archive | help 
	I have started getting the following messages in /var/log/messages:

Apr  4 02:55:10 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:42671 24.6.61.166:119 in via ed1
Apr  4 02:55:11 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:43376 24.6.61.166:119 in via ed1
Apr  4 02:58:21 koala portsentry[336]: attackalert: Connect from host: c453341-a.pinol1.sfba.home.com/24.6.255.50 to UDP port: 161
Apr  4 02:58:21 koala portsentry[336]: attackalert: Host 24.6.255.50 has been blocked via wrappers with string: "ALL: 24.6.255.50"
Apr  4 02:58:21 koala portsentry[336]: attackalert: Host 24.6.255.50 has been blocked via dropped route using command: "/sbin/route add 24.6.255.50 333.444.555.666"
Apr  4 02:58:21 koala /kernel: arplookup 0.0.0.0 failed: host is not on local network
Apr  4 02:58:21 koala /kernel: arpresolve: can't allocate llinfo for 0.0.0.0rt
Apr  4 02:58:21 koala portsentry[336]: attackalert: Connect from host: c453341-a.pinol1.sfba.home.com/24.6.255.50 to UDP port: 161
Apr  4 02:58:21 koala portsentry[336]: attackalert: Host: 24.6.255.50 is already blocked. Ignoring
Apr  4 02:58:22 koala /kernel: arplookup 0.0.0.0 failed: host is not on local network
Apr  4 02:58:22 koala /kernel: arpresolve: can't allocate llinfo for 0.0.0.0rt
Apr  4 02:58:22 koala portsentry[336]: attackalert: Connect from host: c453341-a.pinol1.sfba.home.com/24.6.255.50 to UDP port: 161
Apr  4 02:58:22 koala portsentry[336]: attackalert: Host: 24.6.255.50 is already blocked. Ignoring

	What's going on?

	What corrective action should I take?

	Thanks.

-- 
Stan Brown     stanb@netcom.com                                    404-996-6955
Factory Automation Systems
Atlanta Ga.
-- 
Look, look, see Windows 95.  Buy, lemmings, buy!   
Pay no attention to that cliff ahead...            Henry Spencer
(c) 1998 Stan Brown.  Redistribution via the Microsoft Network is prohibited.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200004042236.PAA02469>