Security Incidents mailing list archives
strange entrys in /var/log/messages
From: benr () FRESHFOOD NET AU (Ben Russell)
Date: Wed, 12 Jan 2000 13:37:35 +1100
Hi, I was reading my messages log today and came across these entries... the packet activity started on the 8th of December at 17:43... this first round of packets lasted about an hour... the packets seem to come in groups of four about every 5 minutes... sometimes 1 minute intervals.. I read /etc/services and it says that these are bootp client and server ports but I have no bootp servers anywhere. A second round of packets started at Dec 9, 13:40 and lasted until Dec 10, 09:55 ... the same pattern, groups of 4 at 5 minute intervals... any feedback would be appreciated, thanx, br.

Dec 10 09:44:41 myhostname kernel: IP fw-in deny eth0 UDP 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=3075 F=0x0000 T=128
Dec 10 09:44:47 myhostname kernel: IP fw-in deny eth0 UDP 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=3331 F=0x0000 T=128
Dec 10 09:44:53 myhostname kernel: IP fw-in deny eth0 UDP 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=3587 F=0x0000 T=128
Dec 10 09:44:59 myhostname kernel: IP fw-in deny eth0 UDP 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=3843 F=0x0000 T=128
Dec 10 09:50:05 myhostname kernel: IP fw-in deny eth0 UDP 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=4099 F=0x0000 T=128
Dec 10 09:50:11 myhostname kernel: IP fw-in deny eth0 UDP 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=4355 F=0x0000 T=128
Dec 10 09:50:17 myhostname kernel: IP fw-in deny eth0 UDP 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=4611 F=0x0000 T=128
Dec 10 09:50:23 myhostname kernel: IP fw-in deny eth0 UDP 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=4867 F=0x0000 T=128
Dec 10 09:55:29 myhostname kernel: IP fw-in deny eth0 UDP 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=5123 F=0x0000 T=128
Dec 10 09:55:35 myhostname kernel: IP fw-in deny eth0 UDP 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=5379 F=0x0000 T=128
Dec 10 09:55:41 myhostname kernel: IP fw-in deny eth0 UDP 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=5635 F=0x0000 T=128
Dec 10 09:55:47 myhostname kernel: IP fw-in deny eth0 UDP 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=5891 F=0x0000 T=128
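
Added example, not part of the original post: a parser for the firewall log format quoted above that groups the denied packets into bursts and reports burst size, spacing between bursts, and the step between successive I= (IP ID) values. The function names, the 30-second burst gap and the year 1999 (syslog omits the year) are assumptions made for this example.

```python
import re
from datetime import datetime, timedelta

# Sample rebuilt from the post's own timestamps and I= values; every other
# field is identical on all twelve quoted lines.
TEMPLATE = ("Dec 10 09:{} myhostname kernel: IP fw-in deny eth0 UDP "
            "0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I={} F=0x0000 T=128")
POST_FIELDS = [("44:41", 3075), ("44:47", 3331), ("44:53", 3587), ("44:59", 3843),
               ("50:05", 4099), ("50:11", 4355), ("50:17", 4611), ("50:23", 4867),
               ("55:29", 5123), ("55:35", 5379), ("55:41", 5635), ("55:47", 5891)]
SAMPLE = "\n".join(TEMPLATE.format(t, i) for t, i in POST_FIELDS)

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: IP (?P<chain>\S+) (?P<action>\S+) "
    r"(?P<iface>\S+) (?P<proto>\S+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) L=(?P<len>\d+) S=\S+ I=(?P<ipid>\d+) F=\S+ T=(?P<ttl>\d+)")

def parse(text, year=1999):
    """Parse firewall log lines into dicts; lines in any other format are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["time"] = datetime.strptime(f"{year} {rec['ts']}", "%Y %b %d %H:%M:%S")
            for key in ("sport", "dport", "len", "ipid", "ttl"):
                rec[key] = int(rec[key])
            records.append(rec)
    return records

def bursts(records, gap=timedelta(seconds=30)):
    """Start a new burst whenever the pause since the previous packet exceeds gap."""
    groups = []
    for rec in records:
        if groups and rec["time"] - groups[-1][-1]["time"] <= gap:
            groups[-1].append(rec)
        else:
            groups.append([rec])
    return groups

def summarize(text):
    recs = parse(text)
    groups = bursts(recs)
    return {
        # True when every packet is UDP 0.0.0.0:68 -> 255.255.255.255:67
        "bootp_broadcast": all((r["proto"], r["src"], r["sport"], r["dst"], r["dport"])
                               == ("UDP", "0.0.0.0", 68, "255.255.255.255", 67) for r in recs),
        "burst_sizes": [len(g) for g in groups],
        "burst_starts_apart_s": [int((b[0]["time"] - a[0]["time"]).total_seconds())
                                 for a, b in zip(groups, groups[1:])],
        "ipid_steps": sorted({b["ipid"] - a["ipid"] for a, b in zip(recs, recs[1:])}),
        "ttls": sorted({r["ttl"] for r in recs}),
    }
```

On the quoted lines this yields three bursts of four packets whose starts are 324 seconds apart, a constant I= step of 256 and a single T= value, which is consistent with one sender producing all of the traffic.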