Security Incidents mailing list archives
Re: Linuxconf scanning
From: jeff keith <jak () MJMI COM>
Date: Tue, 8 Aug 2000 15:02:45 -0400
Ian Eure wrote:
saw some linuxconf scanning this weekend... -- snip -- Aug 5 15:29:33 spindle kernel: Packet log: ltraf REJECT eth0 PROTO=6 211.169.82.130:4450 aaa.bbb.ccc.ddd:98 L=60 S=0x00 I=16301 F=0x4000 T=43 SYN (#11) Aug 5 15:29:33 spindle kernel: Packet log: ltraf REJECT eth0 PROTO=6 211.169.82.130:4450 aaa.bbb.ccc.ddd:98 L=60 S=0x00 I=16301 F=0x4000 T=43 SYN (#11) -- snip -- $ grep 98\/tcp /etc/services linuxconf 98/tcp # LinuxConf $ a quick whois shows the 210/8 & 211/8 subnets as delegated to the asia-pacific region. queries to whois.apnic.net were butt-slow and didn't respond. did anyone else see this over the weekend? -- ______________________________________________ | "the whole scale of cosmic dimensions are falling from my mouth | in the description of a kiss of the interimlovers" | - einsturzende neubaten, "interim"
We saw some probes on Friday: 45978 08/04/00 17:40:20 n deny in eth0 60 tcp 20 45 211.36.109.130 a.b.c.2 1405 98 syn (default) 45998 08/04/00 17:40:20 n deny in eth0 60 tcp 20 45 211.36.109.130 a.b.c.10 1413 98 syn (default) 46018 08/04/00 17:40:20 n deny in eth0 60 tcp 20 45 211.36.109.130 a.b.c.11 1414 98 syn (default) 46038 08/04/00 17:40:20 n deny in eth0 60 tcp 20 45 211.36.109.130 a.b.c.20 1423 98 syn (default) 46058 08/04/00 17:40:20 n deny in eth0 60 tcp 20 45 211.36.109.130 a.b.c.21 1424 98 syn (default) 46078 08/04/00 17:40:20 n deny in eth0 60 tcp 20 45 211.36.109.130 a.b.c.22 1425 98 syn (default) 46098 08/04/00 17:40:20 n deny in eth0 60 tcp 20 45 211.36.109.130 a.b.c.23 1426 98 syn (default) 46118 08/04/00 17:40:20 n deny in eth0 60 tcp 20 45 211.36.109.130 a.b.c.27 1430 98 syn (default) 46138 08/04/00 17:40:20 n deny in eth0 60 tcp 20 45 211.36.109.130 a.b.c.35 1438 98 syn (default) 46158 08/04/00 17:40:23 n deny in eth0 60 tcp 20 45 211.36.109.130 a.b.c.3 1406 98 syn (default) 46178 08/04/00 17:40:23 n deny in eth0 60 tcp 20 45 211.36.109.130 a.b.c.28 1431 98 syn (default) 46198 08/04/00 17:40:23 n deny in eth0 60 tcp 20 45 211.36.109.130 a.b.c.29 1432 98 syn (default) 46218 08/04/00 17:40:23 n deny in eth0 60 tcp 20 45 211.36.109.130 a.b.c.30 1433 98 syn (default) 46238 08/04/00 17:40:23 n deny in eth0 60 tcp 20 45 211.36.109.130 a.b.c.31 1434 98 syn (default) 46258 08/04/00 17:40:23 n deny in eth0 60 tcp 20 45 211.36.109.130 a.b.c.32 1435 98 syn (default) 46278 08/04/00 17:40:23 n deny in eth0 60 tcp 20 45 211.36.109.130 a.b.c.33 1436 98 syn (default) 46298 08/04/00 17:40:23 n deny in eth0 60 tcp 20 45 211.36.109.130 a.b.c.34 1437 98 syn (default) Jeff Keith
Current thread:
- Linuxconf scanning Ian Eure (Aug 08)
- Re: Linuxconf scanning jeff keith (Aug 09)
- Re: Linuxconf scanning James Hoagland (Aug 09)
- Re: Linuxconf scanning Dan Hollis (Aug 10)
- <Possible follow-ups>
- Re: Linuxconf scanning Frank Dauer (Aug 09)
- Re: Linuxconf scanning Brian Sommers (Aug 13)
- Re: Linuxconf scanning Jim Roland (Aug 14)
- Re: Linuxconf scanning Granquist, Lamont (Aug 22)
- Re: Linuxconf scanning Jim Roland (Aug 14)
- Re: Linuxconf scanning Granquist, Lamont (Aug 24)
- Re: Linuxconf scanning Jon Lewis (Aug 24)
- Re: Linuxconf scanning St. Arnaud, Jon (Aug 25)