From owner-freebsd-net  Tue Apr  4 15:43:58 2000
Delivered-To: freebsd-net@freebsd.org
Received: from netcom.com (netcom15.netcom.com [199.183.9.115])
	by hub.freebsd.org (Postfix) with ESMTP id 4333137B507
	for <freebsd-net@FreeBSD.ORG>; Tue,  4 Apr 2000 15:43:55 -0700 (PDT)
	(envelope-from stanb@netcom.com)
Received: (from stanb@localhost)
	by netcom.com (8.9.3/8.9.3) id PAA02469
	for freebsd-net@FreeBSD.ORG; Tue, 4 Apr 2000 15:36:47 -0700 (PDT)
From: Stan Brown <stanb@netcom.com>
Message-Id: <200004042236.PAA02469@netcom.com>
Subject: I am being atacked!
To: freebsd-net@FreeBSD.ORG (FreeBSD Networking)
Date: Tue, 4 Apr 2000 18:36:47 -0400 (EDT)
X-Mailer: ELM [version 2.5 PL3]
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

	I have started getting the following messages in /var/log/messages:

Apr  4 02:55:10 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:42671 24.6.61.166:119 in via ed1
Apr  4 02:55:11 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:43376 24.6.61.166:119 in via ed1
Apr  4 02:58:21 koala portsentry[336]: attackalert: Connect from host: c453341-a.pinol1.sfba.home.com/24.6.255.50 to UDP port: 161
Apr  4 02:58:21 koala portsentry[336]: attackalert: Host 24.6.255.50 has been blocked via wrappers with string: "ALL: 24.6.255.50"
Apr  4 02:58:21 koala portsentry[336]: attackalert: Host 24.6.255.50 has been blocked via dropped route using command: "/sbin/route add 24.6.255.50 333.444.555.666"
Apr  4 02:58:21 koala /kernel: arplookup 0.0.0.0 failed: host is not on local network
Apr  4 02:58:21 koala /kernel: arpresolve: can't allocate llinfo for 0.0.0.0rt
Apr  4 02:58:21 koala portsentry[336]: attackalert: Connect from host: c453341-a.pinol1.sfba.home.com/24.6.255.50 to UDP port: 161
Apr  4 02:58:21 koala portsentry[336]: attackalert: Host: 24.6.255.50 is already blocked. Ignoring
Apr  4 02:58:22 koala /kernel: arplookup 0.0.0.0 failed: host is not on local network
Apr  4 02:58:22 koala /kernel: arpresolve: can't allocate llinfo for 0.0.0.0rt
Apr  4 02:58:22 koala portsentry[336]: attackalert: Connect from host: c453341-a.pinol1.sfba.home.com/24.6.255.50 to UDP port: 161
Apr  4 02:58:22 koala portsentry[336]: attackalert: Host: 24.6.255.50 is already blocked. Ignoring

	What's going on?

	What corrective action should I take?

	Thanks.

-- 
Stan Brown     stanb@netcom.com                                    404-996-6955
Factory Automation Systems
Atlanta Ga.
-- 
Look, look, see Windows 95.  Buy, lemmings, buy!   
Pay no attention to that cliff ahead...            Henry Spencer
(c) 1998 Stan Brown.  Redistribution via the Microsoft Network is prohibited.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message