Security Incidents mailing list archives
a lot of spoofed traffic for port 8, does anybody recon this?
From: Mikael Fors <mf () MORADATORER SE>
Date: Wed, 9 May 2001 10:54:00 +0200
Last 24 hours I've been receiving a lot of strange packets on my public interface. Log has been sanitized. May 9 10:03:36 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.22.2:0 L=60 S=0x00 I=29112 F=0x0000 T=126 (#24) May 9 10:03:36 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.22.2:0 L=60 S=0x00 I=29113 F=0x0000 T=127 (#24) May 9 10:03:39 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.22.2:0 L=60 S=0x00 I=29117 F=0x0000 T=127 (#24) May 9 10:04:06 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.5.1:0 L=60 S=0x00 I=29177 F=0x0000 T=126 (#24) May 9 10:04:06 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.5.1:0 L=60 S=0x00 I=29178 F=0x0000 T=127 (#24) May 9 10:04:09 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.5.1:0 L=60 S=0x00 I=29185 F=0x0000 T=127 (#24) May 9 10:04:33 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.255.1:0 L=60 S=0x00 I=29235 F=0x0000 T=126 (#24) May 9 10:04:33 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.255.1:0 L=60 S=0x00 I=29236 F=0x0000 T=127 (#24) May 9 10:04:36 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.255.1:0 L=60 S=0x00 I=29243 F=0x0000 T=127 (#24) These packets started trickling here about 48 hours ago, and I have no clue what it can be. What resides on port 8 and why ICMP??? All of these packets arrive on the public interface, and contains private networks, mostly 192.168.x.x networks, but also 172.x.x.x networks show up. Mikael Fors Mora Datorer AB
Current thread:
- a lot of spoofed traffic for port 8, does anybody recon this? Mikael Fors (May 10)
- Message not available
- Re: a lot of spoofed traffic for port 8, does anybody recon this? Devdas Bhagat (May 14)
- Message not available
- Message not available
- Re: a lot of spoofed traffic for port 8, does anybody recon this? Kevin Pietersma (May 14)
- RE: a lot of spoofed traffic for port 8, does anybody recon this? Guy L. Smith (May 14)
- Re: a lot of spoofed traffic for port 8, does anybody recon this? Kevin Pietersma (May 14)
- <Possible follow-ups>
- Re: a lot of spoofed traffic for port 8, does anybody recon this? Jose Nazario (May 14)