Security Incidents mailing list archives

Re: Connections to port 635 ??

From: proggy () EARTHLING NET (Bill)
Date: Fri, 23 Jun 2000 10:28:50 -0500


Port 635 is the port that some older versions of linux rpc.mountd listen
on.  There is a remote exploit for this service, I am not aware of any
patch for the bug, other than upgrading to a newer version.

On Thu, 22 Jun 2000, Gunther Stammwitz wrote:

Hi,

someone tried very often to connect to port 635. As far as I know there are no services on that port, is it an attack 
?
Another interesting thing is, that the source-ports are increasing or at least changing.

What shall I do now ?

traceroute 166.114.199.67
traceroute to 166.114.199.67 (166.114.199.67), 30 hops max, 40 byte packets
 1  koeln6.ndh.net (195.94.89.1)  1 ms  1 ms  1 ms
 2  koeln4.ndh.net (195.94.90.221)  1 ms  1 ms  1 ms
 3  hssi2-0.frankfurt1.ndh.net (195.94.75.50)  5 ms  6 ms  5 ms
 4  topnet-frankfurt.ndh.net (195.94.75.42)  5 ms  5 ms  5 ms
 5  G3-0-5.ffm2-gsr.atm-bb.de (62.104.193.193)  5 ms  5 ms  5 ms
 6  L0.kln2-gsr.atm-bb.de (62.104.191.149)  8 ms  7 ms  7 ms
 7  L0.dus2-gsr.atm-bb.de (62.104.191.148)  11 ms  10 ms  10 ms
 8  dus2-c.atm-bb.de (62.104.198.81)  10 ms  9 ms  9 ms
 9  defra303-tc-s3-0.ebone.net (195.158.228.105)  13 ms  13 ms  12 ms
10  chgen101-tc-p1-0.ebone.net (195.158.228.86)  20 ms  20 ms  20 ms
11  chgen102-tc-p3-0.ebone.net (195.158.237.33)  22 ms  21 ms  21 ms
12  itmil201-ta-p5-0-0.ebone.net (195.158.241.38)  33 ms  32 ms  33 ms
13  195.158.241.118 (195.158.241.118)  26 ms  26 ms  27 ms
14  pa5-mi5.seabone.net (195.22.192.138)  50 ms  49 ms  48 ms
15  fa-eth-1-pa4.seabone.net (195.22.205.242)  50 ms  47 ms  47 ms
16  * * *

Bye,
Gunther

Active System Attack Alerts
=-=-=-=-=-=-=-=-=-=-=-=-=-=
Jun 21 20:46:36 server portsentry[89]: attackalert: Connect from host: 166.114.199.67/166.114.199.67 to TCP port: 635
Jun 21 20:46:36 server portsentry[89]: attackalert: Host 166.114.199.67 has been blocked via wrappers with string: 
"ALL: 166.114.199.67"
Jun 21 20:46:36 server portsentry[89]: attackalert: Host 166.114.199.67 has been blocked via dropped route using 
command: "/sbin/ipchains -I input -s 166.114.199.67 -j DENY -l"
Jun 21 20:46:36 server portsentry[89]: attackalert: Connect from host: 166.114.199.67/166.114.199.67 to TCP port: 635
Jun 21 20:46:36 server portsentry[89]: attackalert: Host: 166.114.199.67 is already blocked. Ignoring

Security Violations
=-=-=-=-=-=-=-=-=-=
Jun 21 20:46:36 server portsentry[89]: attackalert: Connect from host: 166.114.199.67/166.114.199.67 to TCP port: 635
Jun 21 20:46:36 server portsentry[89]: attackalert: Host 166.114.199.67 has been blocked via wrappers with string: 
"ALL: 166.114.199.67"
Jun 21 20:46:36 server portsentry[89]: attackalert: Host 166.114.199.67 has been blocked via dropped route using 
command: "/sbin/ipchains -I input -s 166.114.199.67 -j DENY -l"
Jun 21 20:46:36 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30381 195.94.87.252:635 L=40 S=0x00 
I=25815 F=0x4000 T=43 (#1)
Jun 21 20:46:36 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30381 195.94.87.252:635 L=40 S=0x00 
I=25816 F=0x0000 T=43 (#1)
Jun 21 20:46:36 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30437 195.94.87.253:635 L=40 S=0x00 
I=25817 F=0x4000 T=43 (#1)
Jun 21 20:46:36 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30437 195.94.87.253:635 L=40 S=0x00 
I=25819 F=0x0000 T=43 (#1)
Jun 21 20:46:36 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30345 195.94.87.251:635 L=40 S=0x00 
I=25828 F=0x4000 T=43 (#1)
Jun 21 20:46:36 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30345 195.94.87.251:635 L=40 S=0x00 
I=25829 F=0x0000 T=43 (#1)
Jun 21 20:46:36 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30337 195.94.87.243:635 L=40 S=0x00 
I=25838 F=0x4000 T=43 (#1)
Jun 21 20:46:36 server portsentry[89]: attackalert: Connect from host: 166.114.199.67/166.114.199.67 to TCP port: 635
Jun 21 20:46:36 server portsentry[89]: attackalert: Host: 166.114.199.67 is already blocked. Ignoring
Jun 21 20:46:37 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30341 195.94.87.247:635 L=40 S=0x00 
I=25978 F=0x4000 T=43 (#1)
Jun 21 20:46:39 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30381 195.94.87.252:635 L=40 S=0x00 
I=26269 F=0x0000 T=43 (#1)
Jun 21 20:46:39 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30437 195.94.87.253:635 L=40 S=0x00 
I=26270 F=0x0000 T=43 (#1)
Jun 21 20:46:39 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30345 195.94.87.251:635 L=40 S=0x00 
I=26273 F=0x0000 T=43 (#1)
Jun 21 20:46:39 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30337 195.94.87.243:635 L=40 S=0x00 
I=26274 F=0x4000 T=43 (#1)
Jun 21 20:46:39 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30345 195.94.87.251:635 L=40 S=0x00 
I=26336 F=0x4000 T=43 (#1)
Jun 21 20:46:40 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30341 195.94.87.247:635 L=40 S=0x00 
I=26397 F=0x4000 T=43 (#1)
Jun 21 20:46:40 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30381 195.94.87.252:635 L=40 S=0x00 
I=26400 F=0x4000 T=43 (#1)
Jun 21 20:46:40 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30437 195.94.87.253:635 L=40 S=0x00 
I=26402 F=0x4000 T=43 (#1)
Jun 21 20:46:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30381 195.94.87.252:635 L=40 S=0x00 
I=26811 F=0x0000 T=43 (#1)
Jun 21 20:46:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30437 195.94.87.253:635 L=40 S=0x00 
I=26812 F=0x0000 T=43 (#1)
Jun 21 20:46:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30337 195.94.87.243:635 L=40 S=0x00 
I=26813 F=0x4000 T=43 (#1)
Jun 21 20:46:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30345 195.94.87.251:635 L=40 S=0x00 
I=26814 F=0x0000 T=43 (#1)
Jun 21 20:46:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30341 195.94.87.247:635 L=40 S=0x00 
I=26937 F=0x4000 T=43 (#1)
Jun 21 20:46:46 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30345 195.94.87.251:635 L=40 S=0x00 
I=26938 F=0x4000 T=43 (#1)
Jun 21 20:46:46 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30381 195.94.87.252:635 L=40 S=0x00 
I=26939 F=0x4000 T=43 (#1)
Jun 21 20:46:46 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30437 195.94.87.253:635 L=40 S=0x00 
I=26942 F=0x4000 T=43 (#1)
Jun 21 20:46:57 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30337 195.94.87.243:635 L=40 S=0x00 
I=28105 F=0x4000 T=43 (#1)
Jun 21 20:46:57 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30381 195.94.87.252:635 L=40 S=0x00 
I=28111 F=0x0000 T=43 (#1)
Jun 21 20:46:57 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30437 195.94.87.253:635 L=40 S=0x00 
I=28114 F=0x0000 T=43 (#1)
Jun 21 20:46:57 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30345 195.94.87.251:635 L=40 S=0x00 
I=28119 F=0x0000 T=43 (#1)
Jun 21 20:46:57 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30341 195.94.87.247:635 L=40 S=0x00 
I=28195 F=0x4000 T=43 (#1)
Jun 21 20:46:58 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30345 195.94.87.251:635 L=40 S=0x00 
I=28202 F=0x4000 T=43 (#1)
Jun 21 20:46:59 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30381 195.94.87.252:635 L=40 S=0x00 
I=28313 F=0x4000 T=43 (#1)
Jun 21 20:46:59 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30437 195.94.87.253:635 L=40 S=0x00 
I=28314 F=0x4000 T=43 (#1)
Jun 21 20:47:21 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30381 195.94.87.252:635 L=40 S=0x00 
I=30318 F=0x0000 T=43 (#1)
Jun 21 20:47:21 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30437 195.94.87.253:635 L=40 S=0x00 
I=30319 F=0x0000 T=43 (#1)
Jun 21 20:47:21 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30345 195.94.87.251:635 L=40 S=0x00 
I=30320 F=0x0000 T=43 (#1)
Jun 21 20:47:21 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30341 195.94.87.247:635 L=40 S=0x00 
I=30365 F=0x4000 T=43 (#1)
Jun 21 20:47:21 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30337 195.94.87.243:635 L=40 S=0x00 
I=30366 F=0x4000 T=43 (#1)
Jun 21 20:47:23 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30345 195.94.87.251:635 L=40 S=0x00 
I=30474 F=0x4000 T=43 (#1)
Jun 21 20:47:23 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30381 195.94.87.252:635 L=40 S=0x00 
I=30536 F=0x4000 T=43 (#1)
Jun 21 20:47:23 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30437 195.94.87.253:635 L=40 S=0x00 
I=30537 F=0x4000 T=43 (#1)
Jun 21 20:48:09 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30381 195.94.87.252:635 L=40 S=0x00 
I=34588 F=0x0000 T=43 (#1)
Jun 21 20:48:09 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30437 195.94.87.253:635 L=40 S=0x00 
I=34589 F=0x0000 T=43 (#1)
Jun 21 20:48:09 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30345 195.94.87.251:635 L=40 S=0x00 
I=34590 F=0x0000 T=43 (#1)
Jun 21 20:48:09 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30341 195.94.87.247:635 L=40 S=0x00 
I=34635 F=0x4000 T=43 (#1)
Jun 21 20:48:09 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30337 195.94.87.243:635 L=40 S=0x00 
I=34636 F=0x4000 T=43 (#1)
Jun 21 20:48:11 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30345 195.94.87.251:635 L=40 S=0x00 
I=34751 F=0x4000 T=43 (#1)
Jun 21 20:48:12 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30437 195.94.87.253:635 L=40 S=0x00 
I=34853 F=0x4000 T=43 (#1)
Jun 21 20:48:12 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30381 195.94.87.252:635 L=40 S=0x00 
I=34855 F=0x4000 T=43 (#1)
Jun 21 20:49:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30381 195.94.87.252:635 L=40 S=0x00 
I=43311 F=0x0000 T=43 (#1)
Jun 21 20:49:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30437 195.94.87.253:635 L=40 S=0x00 
I=43312 F=0x0000 T=43 (#1)
Jun 21 20:49:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30345 195.94.87.251:635 L=40 S=0x00 
I=43313 F=0x0000 T=43 (#1)
Jun 21 20:49:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30337 195.94.87.243:635 L=40 S=0x00 
I=43315 F=0x0000 T=234 (#1)
Jun 21 20:49:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30341 195.94.87.247:635 L=40 S=0x00 
I=43382 F=0x0000 T=234 (#1)
Jun 21 20:49:47 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30381 195.94.87.252:635 L=40 S=0x00 
I=43577 F=0x4000 T=43 (#1)
Jun 21 20:49:47 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30437 195.94.87.253:635 L=40 S=0x00 
I=43578 F=0x4000 T=43 (#1)
Jun 21 20:49:48 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30345 195.94.87.251:635 L=40 S=0x00 
I=43626 F=0x4000 T=43 (#1)
Jun 21 20:51:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30381 195.94.87.252:635 L=40 S=0x00 
I=54139 F=0x0000 T=43 (#1)
Jun 21 20:51:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30437 195.94.87.253:635 L=40 S=0x00 
I=54140 F=0x0000 T=43 (#1)
Jun 21 20:51:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30345 195.94.87.251:635 L=40 S=0x00 
I=54141 F=0x0000 T=43 (#1)
Jun 21 20:51:46 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30337 195.94.87.243:635 L=40 S=0x00 
I=54210 F=0x0000 T=234 (#1)
Jun 21 20:51:48 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30437 195.94.87.253:635 L=40 S=0x00 
I=54473 F=0x4000 T=43 (#1)
Jun 21 20:51:49 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30345 195.94.87.251:635 L=40 S=0x00 
I=54476 F=0x4000 T=43 (#1)
Jun 21 20:51:49 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30381 195.94.87.252:635 L=40 S=0x00 
I=54479 F=0x4000 T=43 (#1)
Jun 21 20:53:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30337 195.94.87.243:635 L=40 S=0x00 
I=65173 F=0x0000 T=234 (#1)
Jun 21 20:53:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30381 195.94.87.252:635 L=40 S=0x00 
I=65174 F=0x0000 T=43 (#1)
Jun 21 20:53:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30437 195.94.87.253:635 L=40 S=0x00 
I=65175 F=0x0000 T=43 (#1)
Jun 21 20:53:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30345 195.94.87.251:635 L=40 S=0x00 
I=65176 F=0x0000 T=43 (#1)
Jun 21 20:53:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30341 195.94.87.247:635 L=40 S=0x00 
I=65219 F=0x0000 T=234 (#1)
Jun 21 20:55:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30381 195.94.87.252:635 L=40 S=0x00 
I=10420 F=0x0000 T=43 (#1)
Jun 21 20:55:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30437 195.94.87.253:635 L=40 S=0x00 
I=10421 F=0x0000 T=43 (#1)
Jun 21 20:55:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30345 195.94.87.251:635 L=40 S=0x00 
I=10423 F=0x0000 T=43 (#1)
Jun 21 20:55:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30337 195.94.87.243:635 L=40 S=0x00 
I=10532 F=0x0000 T=234 (#1)
Jun 21 20:55:46 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30341 195.94.87.247:635 L=40 S=0x00 
I=10536 F=0x0000 T=234 (#1)
Jun 21 20:57:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30381 195.94.87.252:635 L=40 S=0x00 
I=21755 F=0x0000 T=43 (#1)
Jun 21 20:57:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30437 195.94.87.253:635 L=40 S=0x00 
I=21756 F=0x0000 T=43 (#1)
Jun 21 20:57:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30345 195.94.87.251:635 L=40 S=0x00 
I=21758 F=0x0000 T=43 (#1)
Jun 21 20:57:46 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30337 195.94.87.243:635 L=40 S=0x00 
I=21851 F=0x0000 T=234 (#1)
Jun 21 20:57:46 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30341 195.94.87.247:635 L=40 S=0x00 
I=21852 F=0x0000 T=234 (#1)
Jun 21 20:59:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30381 195.94.87.252:635 L=40 S=0x00 
I=32674 F=0x0000 T=43 (#1)
Jun 21 20:59:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30437 195.94.87.253:635 L=40 S=0x00 
I=32675 F=0x0000 T=43 (#1)
Jun 21 20:59:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30345 195.94.87.251:635 L=40 S=0x00 
I=32676 F=0x0000 T=43 (#1)
Jun 21 20:59:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30337 195.94.87.243:635 L=40 S=0x00 
I=32800 F=0x0000 T=234 (#1)
Jun 21 20:59:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30341 195.94.87.247:635 L=40 S=0x00 
I=32801 F=0x0000 T=234 (#1)
Jun 21 21:01:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30381 195.94.87.252:635 L=40 S=0x00 
I=43277 F=0x0000 T=43 (#1)
Jun 21 21:01:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30437 195.94.87.253:635 L=40 S=0x00 
I=43278 F=0x0000 T=43 (#1)
Jun 21 21:01:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30345 195.94.87.251:635 L=40 S=0x00 
I=43279 F=0x0000 T=43 (#1)
Jun 21 21:01:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30337 195.94.87.243:635 L=40 S=0x00 
I=43416 F=0x0000 T=234 (#1)
Jun 21 21:03:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30381 195.94.87.252:635 L=40 S=0x00 
I=53558 F=0x0000 T=43 (#1)
Jun 21 21:03:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30437 195.94.87.253:635 L=40 S=0x00 
I=53560 F=0x0000 T=43 (#1)
Jun 21 21:03:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30345 195.94.87.251:635 L=40 S=0x00 
I=53563 F=0x0000 T=43 (#1)
Jun 21 21:03:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30337 195.94.87.243:635 L=40 S=0x00 
I=53694 F=0x0000 T=234 (#1)
Jun 21 21:03:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30341 195.94.87.247:635 L=40 S=0x00 
I=53695 F=0x0000 T=234 (#1)
Jun 21 21:05:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30381 195.94.87.252:635 L=40 S=0x00 
I=63947 F=0x0000 T=43 (#1)
Jun 21 21:05:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30437 195.94.87.253:635 L=40 S=0x00 
I=63948 F=0x0000 T=43 (#1)
Jun 21 21:05:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30345 195.94.87.251:635 L=40 S=0x00 
I=63949 F=0x0000 T=43 (#1)
Jun 21 21:05:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30337 195.94.87.243:635 L=40 S=0x00 
I=64079 F=0x0000 T=234 (#1)
Jun 21 21:05:46 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30341 195.94.87.247:635 L=40 S=0x00 
I=64080 F=0x0000 T=234 (#1)
Jun 21 21:07:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30381 195.94.87.252:635 L=40 S=0x00 
I=8957 F=0x0000 T=43 (#1)
Jun 21 21:07:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30437 195.94.87.253:635 L=40 S=0x00 
I=8958 F=0x0000 T=43 (#1)
Jun 21 21:07:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30345 195.94.87.251:635 L=40 S=0x00 
I=8959 F=0x0000 T=43 (#1)
Jun 21 21:07:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30337 195.94.87.243:635 L=40 S=0x00 
I=9101 F=0x0000 T=234 (#1)
Jun 21 21:07:46 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30341 195.94.87.247:635 L=40 S=0x00 
I=9109 F=0x0000 T=234 (#1)
Jun 21 21:09:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30381 195.94.87.252:635 L=40 S=0x00 
I=19724 F=0x0000 T=43 (#1)
Jun 21 21:09:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30437 195.94.87.253:635 L=40 S=0x00 
I=19725 F=0x0000 T=43 (#1)
Jun 21 21:09:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30345 195.94.87.251:635 L=40 S=0x00 
I=19726 F=0x0000 T=43 (#1)
Jun 21 21:09:45 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30337 195.94.87.243:635 L=40 S=0x00 
I=19843 F=0x0000 T=234 (#1)
Jun 21 21:09:46 server kernel: Packet log: input DENY eth0 PROTO=6 166.114.199.67:30341 195.94.87.247:635 L=40 S=0x00 
I=19851 F=0x0000 T=234 (#1)

Current thread:

Which DoS ? [Updated] Eric LeBlanc (Jun 15)
- Re: Which DoS ? [Updated] Patrick Oonk (Jun 16)
- Re: Which DoS ? [Updated] Pluto (Jun 20)
  - Re: Which DoS ? [Updated] Ian Eure (Jun 21)
- Netbus portscan ( port 12345) lmonin () METACONCEPT COM (Jun 21)
  - Re: Netbus portscan ( port 12345) James T. Perry (Jun 22)
- scanned - strange! Sir Scriptzalot (Jun 21)
- (forw) Jennifer Granick Audio Interview now online Elias Levy (Jun 21)
- Connections to port 635 ?? Gunther Stammwitz (Jun 21)
  - Connections to port 635 ?? Klaus Moeller (Jun 23)
  - Re: Connections to port 635 ?? Bill (Jun 23)
  - stranger ftp kill Max Gribov (Jun 23)
    - Re: stranger ftp kill frank () STUDENT2 RUG AC BE (Jun 23)
    - Re: stranger ftp kill jose (Jun 26)
  - Re: Connections to port 635 ?? Ben Laws (Jun 23)
  - Re: Connections to port 635 ?? Robert Graham (Jun 23)
- Nike Site taken over F_SecurityList Jo (Jun 21)
  - Re: Nike Site taken over Steve (Jun 22)
  - Re: Nike Site taken over Ex Machina (Jun 22)
    - Re: Nike Site taken over Joel de la Garza (Jun 23)
    - Re: Nike Site taken over Aviram Jenik (Jun 24)

(Thread continues...)