Security Incidents mailing list archives

Re: Linuxconf scanning


From: jeff keith <jak () MJMI COM>
Date: Tue, 8 Aug 2000 15:02:45 -0400

Ian Eure wrote:

saw some linuxconf scanning this weekend...

-- snip --
Aug  5 15:29:33 spindle kernel: Packet log: ltraf REJECT eth0 PROTO=6
211.169.82.130:4450 aaa.bbb.ccc.ddd:98 L=60 S=0x00 I=16301 F=0x4000 T=43
SYN (#11)
Aug  5 15:29:33 spindle kernel: Packet log: ltraf REJECT eth0 PROTO=6
211.169.82.130:4450 aaa.bbb.ccc.ddd:98 L=60 S=0x00 I=16301 F=0x4000 T=43
SYN (#11)
-- snip --
$ grep 98\/tcp /etc/services
linuxconf       98/tcp                          # LinuxConf
$

a quick whois shows the 210/8 & 211/8 subnets as delegated to the
asia-pacific region. queries to whois.apnic.net were butt-slow and didn't
respond.

did anyone else see this over the weekend?

--
 ______________________________________________
| "the whole scale of cosmic dimensions are falling from my mouth
| in the description of a kiss of the interimlovers"
|   - einsturzende neubaten, "interim"

We saw some probes on Friday:

45978    08/04/00  17:40:20 n deny   in   eth0    60        tcp     20
45        211.36.109.130   a.b.c.2        1405      98        syn (default)
45998    08/04/00  17:40:20 n deny   in   eth0    60        tcp     20
45        211.36.109.130   a.b.c.10      1413      98        syn (default)
46018    08/04/00  17:40:20 n deny   in   eth0    60        tcp     20
45        211.36.109.130   a.b.c.11      1414      98        syn (default)
46038    08/04/00  17:40:20 n deny   in   eth0    60        tcp     20
45        211.36.109.130   a.b.c.20      1423      98        syn (default)
46058    08/04/00  17:40:20 n deny   in   eth0    60        tcp     20
45        211.36.109.130   a.b.c.21      1424      98        syn (default)
46078    08/04/00  17:40:20 n deny   in   eth0    60        tcp     20
45        211.36.109.130   a.b.c.22      1425      98        syn (default)
46098    08/04/00  17:40:20 n deny   in   eth0    60        tcp     20
45        211.36.109.130   a.b.c.23      1426      98        syn (default)
46118    08/04/00  17:40:20 n deny   in   eth0    60        tcp     20
45        211.36.109.130   a.b.c.27      1430      98        syn (default)
46138    08/04/00  17:40:20 n deny   in   eth0    60        tcp     20
45        211.36.109.130   a.b.c.35      1438      98        syn (default)
46158    08/04/00  17:40:23 n deny   in   eth0    60        tcp     20
45        211.36.109.130   a.b.c.3        1406      98        syn (default)
46178    08/04/00  17:40:23 n deny   in   eth0    60        tcp     20
45        211.36.109.130   a.b.c.28      1431      98        syn (default)
46198    08/04/00  17:40:23 n deny   in   eth0    60        tcp     20
45        211.36.109.130   a.b.c.29      1432      98        syn (default)
46218    08/04/00  17:40:23 n deny   in   eth0    60        tcp     20
45        211.36.109.130   a.b.c.30      1433      98        syn (default)
46238    08/04/00  17:40:23 n deny   in   eth0    60        tcp     20
45        211.36.109.130   a.b.c.31      1434      98        syn (default)
46258    08/04/00  17:40:23 n deny   in   eth0    60        tcp     20
45        211.36.109.130   a.b.c.32      1435      98        syn (default)
46278    08/04/00  17:40:23 n deny   in   eth0    60        tcp     20
45        211.36.109.130   a.b.c.33      1436      98        syn (default)
46298    08/04/00  17:40:23 n deny   in   eth0    60        tcp     20
45        211.36.109.130   a.b.c.34      1437      98        syn (default)



Jeff Keith
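An added example, not part of either message: one way to pick this kind of sweep out of ipchains "Packet log:" records like the ones quoted in the first message, by counting the distinct hosts each source sent blocked TCP SYNs to on port 98. It assumes each record is one unwrapped syslog line; the function name, the threshold and the sample records (documentation-range addresses) are constructed for illustration.

```python
import re
from collections import defaultdict

# Layout of an ipchains "Packet log:" record as one unwrapped syslog line.
PACKET_LOG = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=\d+ S=\S+ I=\d+ F=\S+ T=\d+(?P<syn> SYN)? \(#\d+\)"
)

def port_sweeps(lines, port=98, min_targets=3):
    """Map each source to the distinct hosts it sent blocked TCP SYNs to on `port`.

    `min_targets` is an assumed threshold: fewer distinct hosts is not a sweep.
    """
    targets = defaultdict(set)
    for line in lines:
        m = PACKET_LOG.search(line)
        if not m:
            continue  # not a packet-log record
        if m["proto"] != "6" or not m["syn"] or int(m["dport"]) != port:
            continue  # only TCP SYNs to the watched port
        if m["action"] not in ("REJECT", "DENY"):
            continue  # only packets the filter blocked
        targets[m["src"]].add(m["dst"])  # a set, so a record logged twice counts once
    return {s: sorted(d) for s, d in targets.items() if len(d) >= min_targets}

# Constructed sample records (RFC 5737 documentation addresses, hypothetical host "fw").
_REC = ("Aug  5 15:29:33 fw kernel: Packet log: input REJECT eth0 PROTO={p} "
        "{s} {d}:98 L=60 S=0x00 I=16301 F=0x4000 T=43{f} (#11)")
SAMPLE = [
    _REC.format(p=6, s="198.51.100.7:4450", d="192.0.2.10", f=" SYN"),
    _REC.format(p=6, s="198.51.100.7:4450", d="192.0.2.10", f=" SYN"),  # same packet logged twice
    _REC.format(p=6, s="198.51.100.7:4451", d="192.0.2.11", f=" SYN"),
    _REC.format(p=6, s="198.51.100.7:4452", d="192.0.2.12", f=" SYN"),
    _REC.format(p=6, s="203.0.113.9:1030", d="192.0.2.10", f=" SYN"),   # one host only
    _REC.format(p=17, s="198.51.100.7:53", d="192.0.2.13", f=""),       # UDP, ignored
    "Aug  5 15:30:01 fw sshd[412]: unrelated line",
]

if __name__ == "__main__":
    for src, dsts in port_sweeps(SAMPLE).items():
        print(f"{src} swept port 98 on {len(dsts)} hosts: {', '.join(dsts)}")
```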

