Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Invalid IP address

From: Steven Lee <idsforensic () yahoo com>
Date: 21 Oct 2002 20:05:10 -0000


I am seeing this on my router syslog after I applied an access list on the 
internal interface. Can anyone tell me what this could be? The 68.84.8.41 
is a comcast IP that is active on the network; however, someone inside our 
network is attempting to use it to go out to other sites? Thanks for your 
help.

l7.Info X.X.X.X 38644: .Oct 21 13:40:27: %SEC-6-IPACCESSLOGP: list 101 
denied tcp 68.84.8.41(0) -> 67.34.160.17(0), 1 packet
2002-10-21 13:35:37     Local7.Info     X.X.X.X 38645: .Oct 21 13:40:28: %
SEC-6-IPACCESSLOGP: list 101 denied tcp 68.84.8.41(0) -> 217.121.116.154
(0), 1 packet
2002-10-21 13:35:38     Local7.Info     X.X.X.X 38646: .Oct 21 13:40:29: %
SEC-6-IPACCESSLOGP: list 101 denied tcp 68.84.8.41(0) -> 141.156.130.147
(0), 1 packet
2002-10-21 13:35:39     Local7.Info     X.X.X.X 38647: .Oct 21 13:40:30: %
SEC-6-IPACCESSLOGP: list 101 denied tcp 68.84.8.41(0) -> 68.9.184.233(0), 
2 packets
2002-10-21 13:35:40     Local7.Info     X.X.X.X 38648: .Oct 21 13:40:32: %
SEC-6-IPACCESSLOGP: list 101 denied tcp 68.84.8.41(0) -> 24.203.121.105
(0), 1 packet
2002-10-21 13:35:41     Local7.Info     X.X.X.X 38649: .Oct 21 13:40:33: %
SEC-6-IPACCESSLOGP: list 101 denied tcp 68.84.8.41(0) -> 67.82.63.49(0), 1 
packet

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com
Previous By Date Next
Previous By Thread Next

Current thread: