From: Thomas Ribbrock (emgaron at domain gmx.net)
Date: Thu 19 Aug 1999 - 00:23:16 IST
Hi folks,
ok, there's always a first time, I suppose - Sentry just alerted me for the
first time. I suddenly get tons of messages about another host in indigo.ie:
Aug 18 23:54:37 angua abacus_sentry[407]: attackalert: Connect from host:
+ts01.limerick.indigo.ie/194.125.144.81 to TCP port: 69
Aug 18 23:54:37 angua abacus_sentry[407]: attackalert: Host 194.125.144.81 has
+been blocked via wrappers.
Aug 18 23:54:37 angua abacus_sentry[407]: attackalert: Host 194.125.144.81 has
+been blocked via dropped route.
Aug 18 23:54:41 angua abacus_sentry[407]: attackalert: Connect from host:
+ts01.limerick.indigo.ie/194.125.144.81 to TCP port: 69
Aug 18 23:54:41 angua abacus_sentry[407]: attackalert: Host: 194.125.144.81 is
+already blocked. Ignoring
[...]
That host is actually "the other end" in my ppp connection...?!
Now I wonder: What the hell is port 69? /etc/services says "tftp" - but
what's tftp? Any suggestions as to how to investigate this further?
Thanks in advance,
Thomas
--
-----------------------------------------------------------------------------
Thomas Ribbrock http://www.bigfoot.com/~kaytan ICQ#: 15839919
"You have to live on the edge of reality - to make your dreams come true!"