Security Incidents mailing list archives
What's all this then?
From: Andy Duncan <andyduncan () MOTIVES CO UK>
Date: Fri, 6 Oct 2000 17:23:20 +0100
While idly browsing my logs I found this:

Oct 6 13:43:06 gateway kernel: Packet log: forward REJECT ppp0 PROTO=6 10.0.0.44:1216 160.79.35.232:1107 L=48 S=0x00 I=10938 F=0x4000 T=127 SYN (#3)
Oct 6 13:43:09 gateway kernel: Packet log: forward REJECT ppp0 PROTO=6 10.0.0.44:1216 160.79.35.232:1107 L=48 S=0x00 I=10948 F=0x4000 T=127 SYN (#3)
Oct 6 13:43:15 gateway kernel: Packet log: forward REJECT ppp0 PROTO=6 10.0.0.44:1216 160.79.35.232:1107 L=48 S=0x00 I=10949 F=0x4000 T=127 SYN (#3)

The machine 10.0.0.44 had been hooked up to our web proxy for the first time today, but the user was not browsing at the time. Also, as far as I can tell he had not visited the site in question - connecting with a web browser brings up an Apache index identifying itself as webmail.starlan.com, as does the SMTP daemon.

So, is this malicious, bizarre, misconfiguration or what?
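
Added example, not part of the original post: a small parser for the ipchains "Packet log" lines quoted above that decodes each field and groups entries by connection 4-tuple to show how the packets are spaced. The function names are illustrative, and the year 2000 is an assumption taken from the message's Date header, since syslog timestamps omit the year.

```python
import re
from collections import defaultdict
from datetime import datetime

# The three log lines quoted in the post, unchanged.
LOG = """\
Oct 6 13:43:06 gateway kernel: Packet log: forward REJECT ppp0 PROTO=6 10.0.0.44:1216 160.79.35.232:1107 L=48 S=0x00 I=10938 F=0x4000 T=127 SYN (#3)
Oct 6 13:43:09 gateway kernel: Packet log: forward REJECT ppp0 PROTO=6 10.0.0.44:1216 160.79.35.232:1107 L=48 S=0x00 I=10948 F=0x4000 T=127 SYN (#3)
Oct 6 13:43:15 gateway kernel: Packet log: forward REJECT ppp0 PROTO=6 10.0.0.44:1216 160.79.35.232:1107 L=48 S=0x00 I=10949 F=0x4000 T=127 SYN (#3)
"""

# Order: chain, action, interface, protocol, src, dst, length, TOS, IP ID, frag word, TTL, rule.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) kernel: Packet log: "
    r"(?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9a-fA-F]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9a-fA-F]+) T=(?P<ttl>\d+)(?P<syn> SYN)? \(#(?P<rule>\d+)\)$"
)

def parse_line(line):
    """Return a dict of decoded fields, or None if the line is not a packet log entry."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ip_id", "ttl", "rule"):
        rec[key] = int(rec[key])
    frag = int(rec["frag"], 16)                 # 16-bit IP flags + fragment offset word
    rec["dont_fragment"] = bool(frag & 0x4000)  # DF bit
    rec["frag_offset"] = frag & 0x1FFF
    rec["syn"] = rec["syn"] is not None
    # Assumption: year 2000, from the Date header of the message.
    rec["time"] = datetime.strptime("2000 " + rec["ts"], "%Y %b %d %H:%M:%S")
    return rec

def group_attempts(text):
    """Group entries by (src, sport, dst, dport) and report the gaps between packets."""
    flows = defaultdict(list)
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            flows[(rec["src"], rec["sport"], rec["dst"], rec["dport"])].append(rec)
    summary = {}
    for key, recs in flows.items():
        times = [r["time"] for r in recs]
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        summary[key] = {"packets": len(recs), "gaps_s": gaps, "all_syn": all(r["syn"] for r in recs)}
    return summary
```

Run over the three lines above, this yields a single flow of three SYN packets from the same source port, spaced 3 and 6 seconds apart, which is the doubling interval of a TCP stack retransmitting one unanswered connection attempt rather than three separate attempts.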
Current thread:
- What's all this then? Andy Duncan (Oct 08)