Date:      Wed, 2 May 2001 14:34:17 -0500 (CDT)
From:      Alex Charalabidis <alex@wnm.net>
To:        <efb-all@vhwy.com>
Cc:        <security@FreeBSD.ORG>, <efb-all@cotdazr.org>
Subject:   Re: [GorrellCD@phdnswc.navy.mil: ]
Message-ID:  <Pine.BSF.4.32.0105021348270.63264-100000@earth.wnm.net>
In-Reply-To: <20010501222316.B14264@cotdazr.org>

On Tue, 1 May 2001, Everett F Batey wrote:

> Dear FreeBSD Security Guru,
>
> I need some guidance.  My employer with which I have had problems over
> the past 5 years has suggested I (or my IP) am(/is) trying to attack
> his IP space on UDP 111, and sent me the below attached log file.
>
> >
> > May  1 07:19:51 209.239.229.90:111 -> 137.24.124.222:65422 UDP
> > May  1 07:19:51 209.239.229.90:111 -> 137.24.124.222:65423 UDP

Oddly enough, I got a virtually identical complaint today regarding
traffic to a Dutch network we've never had transactions with before,
apparently originating from an unassigned IP address that was briefly used
by a Linux test machine on our network.

I haven't had time to investigate myself but a colleague mentioned the
possibility of something meant to confuse/overload IDS systems as a
smokescreen for real attacks.

-ac


-- 
===================================================================
Alex Charalabidis                           Worldspice Technologies
5050 Poplar Ave.         Memphis, TN, USA           +1 901 432 6000
Opinions expressed are mine alone but may be yours for a small fee.
===================================================================