Date: Sun, 03 Oct 1999 08:45:06 -0400
From: "Stephen A. Derdau" <sderdau@ne.mediaone.net>
To: Greg Lehey <grog@lemis.com>
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Is someone trying to hack my system ?
Message-ID: <37F74FD2.856E42C2@ne.mediaone.net>
References: <37F674E0.619A860F@ne.mediaone.net> <19991003121827.M40186@freebie.lemis.com>

Greg Lehey wrote:
> [Format recovered--see http://www.lemis.com/email/email-format.html]
>
> On Saturday, 2 October 1999 at 17:10:56 -0400, Stephen Derdau wrote:
> > Subject: Is someone trying break in ?
> >
> >> Date: Sat, 02 Oct 1999 17:08:57 -0400
> >> From: Stephen Derdau <sderdau@ne.mediaone.net>
> >> To: freebsd-questions@ne.mediaone.net
> >>
> >> I've kinda been working on my security on my systems. IPFW !
> >> Now I'm seeing stuff like this:
> >>
> >> ipfw 65534 Deny UDP 167.216.187.155:1089 24.218.2.59:1025 in via ed0
> >> ipfw 65534 Deny UDP 24.218.3.41:520 24.218.3.255:520 in via ed0
> >> ipfw: 65534 Deny UDP 167.216.187.155:1089 24.218.2.59:1025 in via ed0
> >> ipfw: 65534 Deny UDP 24.218.2.178:1455 255.255.255.255:8780 in via ed0
> >> ipfw: 65534 Deny UDP 24.218.2.178:1460 255.255.255.255:28001 in via ed0
> >> ipfw: 65534 Deny UDP 24.218.2.49:27901 255.255.255.255:27910 in via ed0
> >> 65534 Deny UDP 24.218.2.127:8093 255.255.255.255:8349 in via ed0
> >>
> >> I'm seeing a lot of this every few seconds and I'm wondering if this
> >> means someone is hacking my system or has or is trying.
>
> Since your own machine is 24.218.2.59, it would be reasonable to
> assume that most of these addresses are on your local net.
> 167.216.187.155 is web-associates-187-155.digisle.net. Do you
> recognize them? How far away are they? These things could be as
> simple as some kind of broadcast packet.
>
> The rest of your message appears to be a repetition.
>
> Greg
> --
> When replying to this message, please copy the original recipients.
> For more information, see http://www.lemis.com/questions.html
> See complete headers for address, home page and phone numbers
> finger grog@lemis.com for PGP public key

No, I don't know web-associates. Most of the others are in my same
domain, ne.mediaone.net. Here is another one not in my domain.

Name: www.rc-pilot.com
Address: 209.44.26.6

ipfw: 1800 Deny TCP 209.44.26.6:25751 24.218.2.59:1080 in via ed0

These are kinda different. The IP addresses do not come back with
anything via nslookup. Also the number range is different.

65534 Deny ICMP:8.0 24.30.218.50 24.218.2.59
ipfw: 200 Deny TCP 192.168.51.89:80 24.218.2.59:1975
Deny TCP 192.168.51.88:80 24.218.2.59:2133

Thanks for any insight.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
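
An added example, not part of the original thread: a short Python triage of deny lines like those in the message, sorting them into broadcast traffic, RFC 1918 sources, and unicast from inside or outside the local segment. The /23 prefix for the local network is an assumption; the message only shows the host address 24.218.2.59 and a broadcast to 24.218.3.255.

```python
import ipaddress
import re
from collections import Counter

# Assumption: the local segment is 24.218.2.0/23. The thread only shows the
# host 24.218.2.59 and a broadcast to 24.218.3.255; the prefix is a guess.
LOCAL_NET = ipaddress.ip_network("24.218.2.0/23")

# The "ipfw:" prefix, the ports and the "in via" suffix are all optional,
# because the lines quoted in the thread appear in each of those shapes.
LINE_RE = re.compile(
    r"^(?:ipfw:?\s+)?(?P<rule>\d+)\s+(?P<action>\w+)\s+(?P<proto>[\w:.]+)\s+"
    r"(?P<src>\d+(?:\.\d+){3})(?::(?P<sport>\d+))?\s+"
    r"(?P<dst>\d+(?:\.\d+){3})(?::(?P<dport>\d+))?"
)

def classify(line, local_net=LOCAL_NET):
    """Return (category, parsed fields), or None if the line does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    src = ipaddress.ip_address(m["src"])
    dst = ipaddress.ip_address(m["dst"])
    if dst == local_net.broadcast_address or str(dst) == "255.255.255.255":
        category = "broadcast"         # sent to everyone on the segment
    elif src.is_private:
        category = "private-source"    # RFC 1918 source address
    elif src in local_net:
        category = "local-unicast"     # a neighbour addressing this host
    else:
        category = "external-unicast"  # off-segment source addressing this host
    return category, m.groupdict()

# Sample input: deny lines copied from the message above.
SAMPLE = """\
ipfw: 65534 Deny UDP 167.216.187.155:1089 24.218.2.59:1025 in via ed0
ipfw 65534 Deny UDP 24.218.3.41:520 24.218.3.255:520 in via ed0
ipfw: 65534 Deny UDP 24.218.2.178:1455 255.255.255.255:8780 in via ed0
ipfw: 1800 Deny TCP 209.44.26.6:25751 24.218.2.59:1080 in via ed0
65534 Deny ICMP:8.0 24.30.218.50 24.218.2.59
ipfw: 200 Deny TCP 192.168.51.89:80 24.218.2.59:1975
"""

def summarize(text):
    """Count categories over a block of log lines, skipping unparsable ones."""
    results = filter(None, (classify(l) for l in text.splitlines()))
    return Counter(category for category, _ in results)

if __name__ == "__main__":
    for category, count in summarize(SAMPLE).most_common():
        print(f"{count:3d}  {category}")
```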