Security Incidents mailing list archives

What is this guy doing?


From: jburroug () LIB UAA ALASKA EDU (Josh Burroughs)
Date: Mon, 5 Jun 2000 18:00:29 -0800


I've seen this pattern showing up in my logs for the past few days, what
the hell is this guy trying to do?
Jun  5 16:52:11 discworld kernel: Packet log: input DENY eth0 PROTO=17
24.237.48.54:2301 255.255.255.255:2301 L=40 S=0x00 I=56747 F=0x0000 T=128
(#5)
Jun  5 16:53:11 discworld kernel: Packet log: input DENY eth0 PROTO=17
24.237.48.54:2301 255.255.255.255:2301 L=40 S=0x00 I=5292 F=0x0000 T=128
(#5)
Jun  5 16:54:11 discworld kernel: Packet log: input DENY eth0 PROTO=17
24.237.48.54:2301 255.255.255.255:2301 L=40 S=0x00 I=18348 F=0x0000 T=128
(#5)
Jun  5 16:55:11 discworld kernel: Packet log: input DENY eth0 PROTO=17
24.237.48.54:2301 255.255.255.255:2301 L=40 S=0x00 I=32172 F=0x0000 T=128
(#5)
Jun  5 16:56:11 discworld kernel: Packet log: input DENY eth0 PROTO=17
24.237.48.54:2301 255.255.255.255:2301 L=40 S=0x00 I=45228 F=0x0000 T=128
(#5)
Jun  5 16:57:11 discworld kernel: Packet log: input DENY eth0 PROTO=17
24.237.48.54:2301 255.255.255.255:2301 L=40 S=0x00 I=59052 F=0x0000 T=128
(#5)
Jun  5 16:58:11 discworld kernel: Packet log: input DENY eth0 PROTO=17
24.237.48.54:2301 255.255.255.255:2301 L=40 S=0x00 I=6573 F=0x0000 T=128
(#5)
Jun  5 16:59:11 discworld kernel: Packet log: input DENY eth0 PROTO=17
24.237.48.54:2301 255.255.255.255:2301 L=40 S=0x00 I=20397 F=0x0000 T=128
(#5)

This is a snippet from the logs of my NAT/firewall at home, I am sitting
on a cable modem network and this IP does belong to another cable
modem user, and I have emailed abuse@ with a snippet from my logs, I'm
just really curious if anyone knows what's going on? Is this a
misconfigured box or a deliberate probe of some kind?
Thanks.

"The only difference between me and a madman is that I am not mad."
- Salvador Dali

Josh Burroughs

