Hi,
Some strange enteries in my firewall log.
D-Link DSL router
[FIREWALL]Up 37956 mins 9
secs-Net_Bus_Scan:TCP,src:ip:194.145.135.221,dst:port:12345
[FIREWALL]Up 38003 mins 29
secs-Net_Bus_Scan:TCP,src:ip:194.125.46.90,dst:port:12345
[FIREWALL]Up 38818 mins 55
secs-Back_Orifice_Scan:UDP,src:ip:172.190.47.25,dst:port:31337
[FIREWALL]Up 39058 mins 39
secs-Net_Bus_Scan:TCP,src:ip:193.203.149.178,dst:port:12345
[FIREWALL]Up 39226 mins 31
secs-Net_Bus_Scan:TCP,src:ip:194.125.49.118,dst:port:12345
[FIREWALL]Up 42006 mins 39
secs-Net_Bus_Scan:TCP,src:ip:194.125.46.13,dst:port:12345
The IP addresses are from esat and america on-line.
The Back_Orifice_Scan has an amusing name
I have noted increased activity in the router/firewall with nothing
going on from my internal network.
Has anyone else seen enteries like these? What do they mean?
Adrian
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://mail.linux.ie/pipermail/ilug/attachments/20040511/19ee0e32/attachment.pgp
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
