Security Incidents mailing list archives
What is this guy doing?
From: jburroug () LIB UAA ALASKA EDU (Josh Burroughs)
Date: Mon, 5 Jun 2000 18:00:29 -0800
I've seen this pattern showing up in my logs for the past few days, what the hell is this guy trying to do?

Jun 5 16:52:11 discworld kernel: Packet log: input DENY eth0 PROTO=17 24.237.48.54:2301 255.255.255.255:2301 L=40 S=0x00 I=56747 F=0x0000 T=128 (#5)
Jun 5 16:53:11 discworld kernel: Packet log: input DENY eth0 PROTO=17 24.237.48.54:2301 255.255.255.255:2301 L=40 S=0x00 I=5292 F=0x0000 T=128 (#5)
Jun 5 16:54:11 discworld kernel: Packet log: input DENY eth0 PROTO=17 24.237.48.54:2301 255.255.255.255:2301 L=40 S=0x00 I=18348 F=0x0000 T=128 (#5)
Jun 5 16:55:11 discworld kernel: Packet log: input DENY eth0 PROTO=17 24.237.48.54:2301 255.255.255.255:2301 L=40 S=0x00 I=32172 F=0x0000 T=128 (#5)
Jun 5 16:56:11 discworld kernel: Packet log: input DENY eth0 PROTO=17 24.237.48.54:2301 255.255.255.255:2301 L=40 S=0x00 I=45228 F=0x0000 T=128 (#5)
Jun 5 16:57:11 discworld kernel: Packet log: input DENY eth0 PROTO=17 24.237.48.54:2301 255.255.255.255:2301 L=40 S=0x00 I=59052 F=0x0000 T=128 (#5)
Jun 5 16:58:11 discworld kernel: Packet log: input DENY eth0 PROTO=17 24.237.48.54:2301 255.255.255.255:2301 L=40 S=0x00 I=6573 F=0x0000 T=128 (#5)
Jun 5 16:59:11 discworld kernel: Packet log: input DENY eth0 PROTO=17 24.237.48.54:2301 255.255.255.255:2301 L=40 S=0x00 I=20397 F=0x0000 T=128 (#5)

This is a snippet from the logs of my NAT/firewall at home. I am sitting on a cable modem network and this IP does belong to another cable modem user, and I have emailed abuse@ with a snippet from my logs. I'm just really curious if anyone knows what's going on? Is this a misconfigured box or a deliberate probe of some kind? Thanks.

"The only difference between me and a madman is that I am not mad." - Salvador Dali

Josh Burroughs