[ILUG] (no subject)
Chris Boyd
chris_d_b71 at yahoo.com
Sat Apr 14 19:09:06 IST 2001
Can anyone tell me what's going on here? A bit new to
the security thing and not sure what steps to take at
this point. How can I tell if they got in or if this is an
actual attack?
Thanks in advance,
Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Apr 13 22:16:43 myserver portsentry[693]: attackalert: SYN/Normal scan from host: ppp2037.ath.forthnet.gr/212.251.58.142 to TCP port: 37
Apr 13 22:16:43 myserver portsentry[693]: attackalert: Host 212.251.58.142 has been blocked via wrappers with string: "ALL: 212.251.58.142"
Apr 13 22:16:43 myserver portsentry[693]: attackalert: Host 212.251.58.142 has been blocked via dropped route using command: "/sbin/ipchains -I input -s 212.251.58.142 -j DENY -l"
Security Violations
=-=-=-=-=-=-=-=-=-=
Apr 13 22:16:43 myserver portsentry[693]: attackalert: SYN/Normal scan from host: ppp2037.ath.forthnet.gr/212.251.58.142 to TCP port: 37
Apr 13 22:16:43 myserver portsentry[693]: attackalert: Host 212.251.58.142 has been blocked via wrappers with string: "ALL: 212.251.58.142"
Apr 13 22:16:43 myserver kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1767 myserver:80 L=40 S=0x00 I=16533 F=0x0000 T=83
Apr 13 22:16:43 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1769 x:80 L=40 S=0x00 I=16534 F=0x0000 T=83
Apr 13 22:16:43 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1769 x:80 L=40 S=0x00 I=16535 F=0x0000 T=83
Apr 13 22:16:43 portsentry[693]: attackalert: Host 212.251.58.142 has been blocked via dropped route using command: "/sbin/ipchains -I input -s 212.251.58.142 -j DENY -l"
Apr 13 22:16:43 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1775 x:37 L=44 S=0x00 I=16536 F=0x0000 T=83
Apr 13 22:16:44 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1769 x:80 L=40 S=0x00 I=16538 F=0x0000 T=83
Apr 13 22:16:44 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1768 x:80 L=40 S=0x00 I=16539 F=0x0000 T=83
Apr 13 22:16:44 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1768 x:80 L=40 S=0x00 I=16540 F=0x0000 T=83
Apr 13 22:16:44 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1775 x:37 L=44 S=0x00 I=16541 F=0x0000 T=83
Apr 13 22:16:44 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1768 x:80 L=40 S=0x00 I=16542 F=0x0000 T=83
Apr 13 22:16:44 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1766 x:80 L=40 S=0x00 I=16543 F=0x0000 T=83
Apr 13 22:16:45 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1776 x:80 L=44 S=0x00 I=16551 F=0x0000 T=83
Apr 13 22:16:45 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1767 x:80 L=40 S=0x00 I=16552 F=0x0000 T=83
Apr 13 22:16:46 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1767 x:80 L=40 S=0x00 I=16553 F=0x0000 T=83
Apr 13 22:16:46 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1774 x:80 L=40 S=0x00 I=16554 F=0x0000 T=83
Apr 13 22:16:46 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1776 x:80 L=44 S=0x00 I=16559 F=0x0000 T=83
Apr 13 22:16:47 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1775 x:37 L=44 S=0x00 I=16560 F=0x0000 T=83
Apr 13 22:16:47 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1776 x:80 L=44 S=0x00 I=16562 F=0x0000 T=83
Apr 13 22:16:48 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1774 x:80 L=40 S=0x00 I=16563 F=0x0000 T=83
Apr 13 22:16:48 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1775 x:37 L=44 S=0x00 I=16564 F=0x0000 T=83
Apr 13 22:16:49 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1776 x:80 L=44 S=0x00 I=16565 F=0x0000 T=83
Apr 13 22:16:49 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1767 x:80 L=40 S=0x00 I=16566 F=0x0000 T=83
Apr 13 22:16:50 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1769 x:80 L=40 S=0x00 I=16567 F=0x0000 T=83
Apr 13 22:16:50 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1776 x:80 L=44 S=0x00 I=16568 F=0x0000 T=83
Apr 13 22:16:51 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1775 x:37 L=44 S=0x00 I=16569 F=0x0000 T=83
Apr 13 22:16:51 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1768 x:80 L=40 S=0x00 I=16570 F=0x0000 T=83
Apr 13 22:16:52 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1776 x:80 L=44 S=0x00 I=16571 F=0x0000 T=83
Apr 13 22:16:53 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1774 x:80 L=40 S=0x00 I=16572 F=0x0000 T=83
Apr 13 22:16:53 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1775 x:37 L=44 S=0x00 I=16573 F=0x0000 T=83
Apr 13 22:16:55 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1776 x:80 L=44 S=0x00 I=16574 F=0x0000 T=83
Apr 13 22:16:59 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1775 x:37 L=44 S=0x00 I=16576 F=0x0000 T=83
Apr 13 22:17:00 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1767 x:80 L=40 S=0x00 I=16577 F=0x0000 T=83
Apr 13 22:17:01 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1776 x:80 L=44 S=0x00 I=16578 F=0x0000 T=83
Apr 13 22:17:02 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1769 x:80 L=40 S=0x00 I=16579 F=0x0000 T=83
Apr 13 22:17:03 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1777 x:13 L=44 S=0x00 I=16580 F=0x0000 T=83
Apr 13 22:17:03 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1777 x:13 L=44 S=0x00 I=16581 F=0x0000 T=83
Apr 13 22:17:04 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1768 x:80 L=40 S=0x00 I=16582 F=0x0000 T=83
Apr 13 22:17:05 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1777 x:13 L=44 S=0x00 I=16583 F=0x0000 T=83
Apr 13 22:17:05 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1777 x:13 L=44 S=0x00 I=16584 F=0x0000 T=83
Apr 13 22:17:06 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1774 x:80 L=40 S=0x00 I=16585 F=0x0000 T=83
Apr 13 22:17:07 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1777 x:13 L=44 S=0x00 I=16586 F=0x0000 T=83
Apr 13 22:17:09 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1776 x:80 L=44 S=0x00 I=16587 F=0x0000 T=83
Apr 13 22:17:09 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1777 x:13 L=44 S=0x00 I=16588 F=0x0000 T=83
Apr 13 22:17:13 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1777 x:13 L=44 S=0x00 I=16589 F=0x0000 T=83
Apr 13 22:17:15 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1778 x:80 L=44 S=0x00 I=16590 F=0x0000 T=83
Apr 13 22:17:15 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1778 x:80 L=44 S=0x00 I=16591 F=0x0000 T=83
Apr 13 22:17:16 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1778 x:80 L=44 S=0x00 I=16592 F=0x0000 T=83
Apr 13 22:17:17 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1778 x:80 L=44 S=0x00 I=16593 F=0x0000 T=83
Apr 13 22:17:19 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1777 x:13 L=44 S=0x00 I=16594 F=0x0000 T=83
Apr 13 22:17:19 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1778 x:80 L=44 S=0x00 I=16595 F=0x0000 T=83
Apr 13 22:17:21 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1778 x:80 L=44 S=0x00 I=16596 F=0x0000 T=83
Apr 13 22:17:25 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1778 x:80 L=44 S=0x00 I=16597 F=0x0000 T=83
Apr 13 22:17:25 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1767 x:80 L=40 S=0x00 I=16598 F=0x0000 T=83
Apr 13 22:17:28 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1769 x:80 L=40 S=0x00 I=16599 F=0x0000 T=83
Apr 13 22:17:30 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1774 x:80 L=40 S=0x00 I=16600 F=0x0000 T=83
Apr 13 22:17:30 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1778 x:80 L=44 S=0x00 I=16602 F=0x0000 T=83
Apr 13 22:17:33 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1768 x:80 L=40 S=0x00 I=16603 F=0x0000 T=83
Apr 13 22:17:39 kernel: Packet log: input DENY eth0 PROTO=6 212.251.58.142:1778 x:80 L=44 S=0x00 I=16604 F=0x0000 T=83
Apr 13 22:17:44 kernel: Packet log: input DENY eth0 PROTO=6
=====
Chris Boyd
Home: (01)671 9858
Cell: 087 955 9519
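
Added example, not part of the original post: one way to start on the question above is to rejoin the wrapped log entries and tally, per source address, which destination ports were hit and what verdict the packet filter logged. The function names `unwrap` and `summarize` and the embedded sample (entries copied from the post, still wrapped) are this example's own.

```python
import re
from collections import Counter

# A syslog timestamp starts every real entry; anything else is a wrapped tail.
TIMESTAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
# Fields as they appear in the post: chain, verdict, interface, IP protocol,
# source addr:port, destination host:port, then L= (packet length).
PACKET = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>\S+):(?P<dport>\d+) L=\d+"
)

# Sample input: entries copied from the post, still wrapped, including the
# final entry that is cut off after PROTO=6.
SAMPLE = """\
Apr 13 22:16:43 myserver kernel: Packet log: input
DENY eth0 PROTO=6
212.251.58.142:1767 myserver:80 L=40 S=0x00 I=16533
F=0x0000 T=83
Apr 13 22:16:43 kernel: Packet log: input DENY eth0
PROTO=6
212.251.58.142:1775 x:37 L=44 S=0x00 I=16536 F=0x0000
T=83
Apr 13 22:17:44 kernel: Packet log: input DENY eth0
PROTO=6
"""

def unwrap(text):
    """Rejoin wrapped entries: a line without a timestamp continues the previous one."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if TIMESTAMP.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def summarize(text):
    """Return ({src: {"verdicts": Counter, "dports": Counter}}, unparsed_entries)."""
    sources, unparsed = {}, []
    for entry in unwrap(text):
        m = PACKET.search(entry)
        if m:
            s = sources.setdefault(m["src"], {"verdicts": Counter(), "dports": Counter()})
            s["verdicts"][m["verdict"]] += 1
            s["dports"][int(m["dport"])] += 1
        elif "Packet log:" in entry:
            unparsed.append(entry)  # e.g. an entry truncated mid-line
    return sources, unparsed
```

Only packets that matched a rule with logging enabled (the `-l` in the ipchains command quoted in the log) show up here, so the tally describes what the filter logged, not all traffic from that address.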