Security Incidents mailing list archives
Odd Firewall Entries
From: v.sweeney () DEXTERUS COM (Vincent Sweeney)
Date: Fri, 21 Apr 2000 00:36:46 +0100
I have suddenly been receiving a lot of odd looking entries, like the
examples pasted below, from a total of 4 IP addresses. Its directed at a
very public facing Linux server which receives all the usual port scans and
attempted exploits. However this is the 1st time I've seen anything like
this (repeated non-standard protocol packets sent to the same server) and
was wonder if anyone has seen the like before and / or knows any more info?
Thanks,
Vince.
----
Apr 19 11:13:47 kernel: Packet log: input DENY eth0 PROTO=54
137.248.121.114:65535 xxx.xxx.xxx.xxx:65535 L=68 S=0x00 I=0 F=0x0000 T=16
O=0x00000494 (#17)
Apr 19 23:41:45 kernel: Packet log: input DENY eth0 PROTO=54
195.38.228.141:65535 xxx.xxx.xxx.xxx:65535 L=68 S=0x00 I=0 F=0x0000 T=22
O=0x00000494 (#17)
Apr 19 23:41:55 kernel: Packet log: input DENY eth0 PROTO=54
195.38.228.141:65535 xxx.xxx.xxx.xxx:65535 L=68 S=0x00 I=0 F=0x0000 T=22
O=0x00000494 (#17)
Current thread:
- Odd Firewall Entries Vincent Sweeney (Apr 20)
- Re: Odd Firewall Entries Jens Hektor (Apr 21)
- Re: Odd Firewall Entries Vincent Sweeney (Apr 24)
- <Possible follow-ups>
- Re: Odd Firewall Entries Ed Padin (Apr 24)
- Linuxconf probe Thomas Chiverton (Apr 26)
- Re: Odd Firewall Entries Eric Vyncke (Apr 26)
- traffic logging Jon Burdge (Apr 26)
- Re: traffic logging Lance Spitzner (Apr 27)
- Re: Odd Firewall Entries Robert Graham (Apr 26)
- Re: Odd Firewall Entries Ed Padin (Apr 27)
- Re: Odd Firewall Entries Jens Hektor (Apr 21)