On Thu, 22-Nov-2001 at 13:43:13 -0400, eduardo wrote:
> One of the network is my company network (192.168.X.X / 255.255.0.0. I am in
> charge of it) and the other network belongs to other company (10.10.X.X /
> 255.255.0.0). This company has a VPN. Now, they are accusing me as hacker,
> Oct 21 04:09:49 localhost kernel: Packet log: input REJECT eth0 PROTO=6
> 184.108.40.206:4512 220.127.116.11:27374 L=48 S=0x00 I=24273 F=0x4000 T=109
> SYN (#70)
I'm assuming here that 18.104.22.168 is probably them, and 22.214.171.124
is probably some random address from the Internet that you have nothing to
do with. Therefore we can disregard lines like this.
> Oct 21 04:09:55 localhost kernel: Packet log: input DENY eth0 PROTO=17
> 192.168.2.185:138 192.168.255.255:138 L=229 S=0x00 I=43989 F=0x000 T=128
Okay, here's a line that actually mentions your subnet. It shows that your
network is leaky, but it's not malicious. One of your machines
(192.168.2.185) is sending SMB broadcasts to your broadcast address,
192.168.255.255. Because of the network configuration, they are able to
see broadcasts from your network. That's all.
I would definitely suggest that you secure your network a bit better so
that they're not seeing your broadcasts any more. (You should probably
have a router between you and the network that you share with them.)
But this definitely is NOT indicative of any sort of attack. They're
suffering from a combination of paranoid, and lack of understanding when it
comes to how this mysterious internet thing works.
> They have as many as 40 pages of this type of messages , presenting this
> "deny" access as the evidence we have tried to penetrate their network.
And it's all more of the same, in one of the two categories I described
above. Nothing in any way indicates a penetration attempt on your part
(unless 126.96.36.199 belongs to you, of course).
... There are thre erors in this tagline.
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!