eric@lucii.org on 2 Aug 2004 11:32:04 -0000

On Sun, Aug 01, 2004 at 05:55:41PM -0400, Kam Salisbury wrote:
> On Sun, 2004-08-01 at 17:00, eric@lucii.org wrote:
> > My firewall (SME Server - formerly e-smith) has a bunch of messages
> > like this in the /var/log/messages:
> >
> > Aug 1 16:07:17 polaris kernel: denylog:IN=eth1
> > OUT= MAC=NN:NN:NN:NN:NN:NN:00:01:5c:22:00:02:08:00
> > SRC=68.111.197.211 DST=68.34.XXX.YYY LEN=48 TOS=0x00
> > PREC=0x00 TTL=110 ID=10932 DF PROTO=TCP SPT=3811
> > DPT=5554 WINDOW=64240 RES=0x00 SYN URGP=0
> >
> > Where NN:NN:NN:NN:NN:NN is my external ethernet card's MAC address
> > and 68.34.XXX.YYY is the external ethernet card's IP address.
> >
> > Looks like the firewall is rejecting something - but I'm not 100%
> > certain what's happening here. Is there some sort of internet
> > attack taking place?
> >
> > Eric
>
> Eric, DPT=5554 would be the port being blocked right? Take a look
> at http://isc.incidents.org/port_details.php?port=5554
>
> It would seem that the Dabber worm is trying to see if there is a
> Sasser worm on your IP to take advantage of.
>
> --
> Kam Salisbury
> http://kamsalisbury.com

Thanks. That puts my mind at ease (for now). I could not tell if
there was something _inside_ my network trying to get out... after all,
there are some Windows machines in the house :-D

Eric

--
# Eric Lucas
# "Oh, I have slipped the surly bond of earth
# And danced the skies on laughter-silvered wings...
# -- John Gillespie Magee Jr.
___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
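
Added example, not part of the original messages: a small parser for the netfilter log entry quoted in the thread, showing how the IN=/OUT= interface fields tell a packet arriving from outside apart from one a LAN host is sending out. It assumes eth1 is the external interface, as the poster's description of the MAC and DST fields suggests; the function names and the `external_if` parameter are illustrative.

```python
import re

# Constructed sample: the log entry quoted in the thread, joined onto one line
# (the poster's redactions NN.. and XXX.YYY are kept as posted).
SAMPLE = (
    "Aug 1 16:07:17 polaris kernel: denylog:IN=eth1 OUT= "
    "MAC=NN:NN:NN:NN:NN:NN:00:01:5c:22:00:02:08:00 "
    "SRC=68.111.197.211 DST=68.34.XXX.YYY LEN=48 TOS=0x00 "
    "PREC=0x00 TTL=110 ID=10932 DF PROTO=TCP SPT=3811 "
    "DPT=5554 WINDOW=64240 RES=0x00 SYN URGP=0"
)

def parse_netfilter(line):
    """Return (fields, flags) from a netfilter LOG line."""
    start = re.search(r"\bIN=", line)  # skip syslog header and log prefix
    if start is None:
        raise ValueError("not a netfilter LOG line")
    fields, flags = {}, set()
    for token in line[start.start():].split():
        if "=" in token:
            key, value = token.split("=", 1)
            fields[key] = value
        else:
            flags.add(token)  # bare tokens such as DF, SYN, ACK
    return fields, flags

def direction(fields):
    """Classify by which interface fields the kernel filled in."""
    has_in, has_out = bool(fields.get("IN")), bool(fields.get("OUT"))
    if has_in and has_out:
        return "forwarded"   # routed through the box, e.g. LAN host going out
    if has_in:
        return "inbound"     # arrived on IN, no output interface chosen
    if has_out:
        return "local-out"   # generated by the firewall itself
    return "unknown"

def summarize(line, external_if="eth1"):  # external_if: assumed WAN interface
    fields, flags = parse_netfilter(line)
    mac = fields.get("MAC", "").split(":")
    return {
        "direction": direction(fields),
        "arrived_on_external": fields.get("IN") == external_if,
        "new_connection": "SYN" in flags and "ACK" not in flags,
        "src": fields.get("SRC"),
        "dpt": int(fields["DPT"]) if "DPT" in fields else None,
        # MAC= is dst MAC (6 bytes) + src MAC (6) + EtherType (2)
        "src_mac": ":".join(mac[6:12]) if len(mac) == 14 else None,
    }

if __name__ == "__main__":
    print(summarize(SAMPLE))
```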