Hi folks,
ok, there's always a fist time, I suppose - Sentry just alerted me for the
first time. I suddenly get tons of messages about another host in indigo.ie:
Aug 18 23:54:37 angua abacus_sentry[407]: attackalert: Connect from host:
+ts01.limerick.indigo.ie/194.125.144.81 to TCP port: 69
Aug 18 23:54:37 angua abacus_sentry[407]: attackalert: Host 194.125.144.81 has
+been blocked via wrappers.
Aug 18 23:54:37 angua abacus_sentry[407]: attackalert: Host 194.125.144.81 has
+been blocked via dropped route.
Aug 18 23:54:41 angua abacus_sentry[407]: attackalert: Connect from host:
+ts01.limerick.indigo.ie/194.125.144.81 to TCP port: 69
Aug 18 23:54:41 angua abacus_sentry[407]: attackalert: Host: 194.125.144.81 is
+already blocked. Ignoring
[...]
That host is actually "the other end" in my ppp connection...?!
Now I wonder: What the hell is port 69? /etc/services says "tftp" - but
what's tftp? Any suggestions as to how to investigate this further?
Thanks in advance,
Thomas
--
-----------------------------------------------------------------------------
Thomas Ribbrock http://www.bigfoot.com/~kaytan ICQ#: 15839919
"You have to live on the edge of reality - to make your dreams come true!"
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
