Security Incidents mailing list archives

Probe from UK Provider ?


From: duarte.cordeiro () ARVORE PT (Duarte Cordeiro)
Date: Tue, 18 Jan 2000 20:31:59 -0000


Today some guy over here downloaded something from ftp.fishnet.co.uk, and
we started to get these entries in our firewall:

Jan 18 15:48:36 gw kernel: Packet log: input REJECT eth0 PROTO=6
194.159.150.13: 1161 <my_ip_addr>:80 L=562 S=0x00 I=58886 F=0x4000 T=109

Jan 18 16:45:05 gw kernel: Packet log: input REJECT eth0 PROTO=6
194.159.150.13: 7811 <my_ip_addr>:25 L=562 S=0x00 I=22964 F=0x4000 T=109
Jan 18 16:45:44 gw kernel: Packet log: input REJECT eth0 PROTO=6
194.159.150.13: 35303 <my_ip_addr>:25 L=562 S=0x00 I=61876 F=0x4000 T=109
Jan 18 16:45:44 gw kernel: Packet log: input REJECT eth0 PROTO=6
194.159.150.13: 35303 <my_ip_addr>:25 L=562 S=0x00 I=61876 F=0x4000 T=109
Jan 18 16:46:21 gw kernel: Packet log: input REJECT eth0 PROTO=6
194.159.150.13: 1557 <my_ip_addr>:20 L=562 S=0x00 I=7861 F=0x4000 T=109
Jan 18 16:46:21 gw kernel: Packet log: input REJECT eth0 PROTO=6
194.159.150.13: 1557 <my_ip_addr>:20 L=562 S=0x00 I=7861 F=0x4000 T=109
Jan 18 16:46:31 gw kernel: Packet log: input REJECT eth0 PROTO=6
194.159.150.13: 4097 <my_ip_addr>:80 L=562 S=0x00 I=26293 F=0x4000 T=109
Jan 18 16:46:31 gw kernel: Packet log: input REJECT eth0 PROTO=6
194.159.150.13: 4097 <my_ip_addr>:80 L=562 S=0x00 I=26293 F=0x4000 T=109
Jan 18 16:47:11 gw kernel: Packet log: input REJECT eth0 PROTO=6
194.159.150.13: 57514 <my_ip_addr>:80 L=562 S=0x00 I=2486 F=0x4000 T=109

Jan 18 16:56:26 gw kernel: Packet log: input REJECT eth0 PROTO=6
194.159.150.13: 2951 <my_ip_addr>:25 L=562 S=0x00 I=65223 F=0x4000 T=109
Jan 18 16:56:26 gw kernel: Packet log: input REJECT eth0 PROTO=6
194.159.150.13: 2951 <my_ip_addr>:25 L=562 S=0x00 I=65223 F=0x4000 T=109
Jan 18 16:58:05 gw kernel: Packet log: input REJECT eth0 PROTO=6
194.159.150.13: 1333 <my_ip_addr>:80 L=562 S=0x00 I=34508 F=0x4000 T=109
Jan 18 16:58:05 gw kernel: Packet log: input REJECT eth0 PROTO=6
194.159.150.13: 1333 <my_ip_addr>:80 L=562 S=0x00 I=34508 F=0x4000 T=109
Jan 18 16:58:11 gw kernel: Packet log: input REJECT eth0 PROTO=6
194.159.150.13: 1255 <my_ip_addr>:443 L=562 S=0x00 I=52428 F=0x4000 T=109
Jan 18 16:58:11 gw kernel: Packet log: input REJECT eth0 PROTO=6
194.159.150.13: 1255 <my_ip_addr>:443 L=562 S=0x00 I=52428 F=0x4000 T=109
Jan 18 16:58:27 gw kernel: Packet log: input REJECT eth0 PROTO=6
194.159.150.13: 2773 <my_ip_addr>:80 L=562 S=0x00 I=46029 F=0x4000 T=109
Jan 18 16:58:27 gw kernel: Packet log: input REJECT eth0 PROTO=6
194.159.150.13: 2773 <my_ip_addr>:80 L=562 S=0x00 I=46029 F=0x4000 T=109
Jan 18 16:58:45 gw kernel: Packet log: input REJECT eth0 PROTO=6
194.159.150.13: 22 <my_ip_addr>:1023 L=562 S=0x00 I=50382 F=0x4000 T=109
Jan 18 16:58:45 gw kernel: Packet log: input REJECT eth0 PROTO=6
194.159.150.13: 22 <my_ip_addr>:1023 L=562 S=0x00 I=50382 F=0x4000 T=109
Jan 18 16:59:19 gw kernel: Packet log: input REJECT eth0 PROTO=6
194.159.150.13: 1506 <my_ip_addr>:80 L=562 S=0x00 I=52944 F=0x4000 T=109
Jan 18 16:59:19 gw kernel: Packet log: input REJECT eth0 PROTO=6
194.159.150.13: 1506 <my_ip_addr>:80 L=562 S=0x00 I=52944 F=0x4000 T=109

There is no service running on my firewall (only ssh to inside interface),
but the probe is only made to specific ports...

Regards,

  Duarte

Duarte M. Cordeiro                  Internetworking & Comm. Security
mailto:Duarte.Cordeiro () arvore pt    Project Manager

Arvore - Tecnologias de Informacao  Tel: +351 213193000
Av. Miguel Bombarda, 1 - 3 Dto.     Fax: +351 213541676
1000 Lisboa - Portugal              http://www.arvore.pt
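
An added example, not part of the original post: a parser for ipchains "Packet log" entries in the layout quoted above, which counts repeated entries once and summarises, per source address, the destination ports hit and whether length, TTL and the Don't Fragment flag stay constant. The function name `summarise` is hypothetical, and the sample addresses are constructed documentation addresses.

```python
import re
from collections import Counter, defaultdict

# One ipchains "Packet log" entry. \s+ and \s* tolerate the mail line wrap
# and the space after the source address colon.
LOG_RE = re.compile(
    r"(?P<ts>\w{3}\s+\d+\s+[\d:]{8})\s+\S+\s+kernel:\s+Packet log:\s+"
    r"(?P<chain>\S+)\s+(?P<action>\S+)\s+(?P<iface>\S+)\s+PROTO=(?P<proto>\d+)\s+"
    r"(?P<src>[\d.]+):\s*(?P<sport>\d+)\s+(?P<dst>\S+?):(?P<dport>\d+)\s+"
    r"L=(?P<length>\d+)\s+S=(?P<tos>0x[0-9A-Fa-f]+)\s+I=(?P<ipid>\d+)\s+"
    r"F=(?P<frag>0x[0-9A-Fa-f]+)\s+T=(?P<ttl>\d+)"
)

# Constructed sample in the same layout; 192.0.2.13 and 198.51.100.1 are
# documentation addresses, not values from the post.
SAMPLE = """\
Jan 18 16:45:05 gw kernel: Packet log: input REJECT eth0 PROTO=6
192.0.2.13: 7811 198.51.100.1:25 L=562 S=0x00 I=22964 F=0x4000 T=109
Jan 18 16:45:44 gw kernel: Packet log: input REJECT eth0 PROTO=6
192.0.2.13: 35303 198.51.100.1:25 L=562 S=0x00 I=61876 F=0x4000 T=109
Jan 18 16:45:44 gw kernel: Packet log: input REJECT eth0 PROTO=6
192.0.2.13: 35303 198.51.100.1:25 L=562 S=0x00 I=61876 F=0x4000 T=109
Jan 18 16:46:31 gw kernel: Packet log: input REJECT eth0 PROTO=6
192.0.2.13: 4097 198.51.100.1:80 L=562 S=0x00 I=26293 F=0x4000 T=109
"""

def summarise(text):
    """Per source: distinct packets, destination ports, lengths, TTLs, DF flag."""
    seen = set()
    per_src = defaultdict(lambda: {"packets": 0, "dports": Counter(),
                                   "lengths": set(), "ttls": set(), "df": set()})
    for m in LOG_RE.finditer(text):
        f = m.groupdict()
        # Entries identical in time, addresses, ports and IP ID count once.
        key = (f["ts"], f["src"], f["sport"], f["dst"], f["dport"], f["ipid"])
        if key in seen:
            continue
        seen.add(key)
        s = per_src[f["src"]]
        s["packets"] += 1
        s["dports"][int(f["dport"])] += 1
        s["lengths"].add(int(f["length"]))   # L= total IP length
        s["ttls"].add(int(f["ttl"]))         # T= time to live
        s["df"].add(bool(int(f["frag"], 16) & 0x4000))  # F= 0x4000 is Don't Fragment
    return dict(per_src)

if __name__ == "__main__":
    for src, s in summarise(SAMPLE).items():
        print(src, s["packets"], dict(s["dports"]), s["lengths"], s["ttls"], s["df"])
```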

