Stephen Gran on 2 Aug 2004 14:27:03 -0000 |
On Mon, Aug 02, 2004 at 07:31:53AM -0400, eric@lucii.org said: > On Sun, Aug 01, 2004 at 05:55:41PM -0400, Kam Salisbury wrote: > > On Sun, 2004-08-01 at 17:00, eric@lucii.org wrote: > > > > > > Aug 1 16:07:17 polaris kernel: denylog:IN=eth1 > > > OUT= MAC=NN:NN:NN:NN:NN:NN:00:01:5c:22:00:02:08:00 > > > SRC=68.111.197.211 DST=68.34.XXX.YYY LEN=48 TOS=0x00 > > > PREC=0x00 TTL=110 ID=10932 DF PROTO=TCP SPT=3811 > > > DPT=5554 WINDOW=64240 RES=0x00 SYN URGP=0 > > > > It would seem that the Dabber worm is trying to see if there is a > > Sasser worm on your IP to take advantage of. > > Thanks. That puts my mind at ease (for now). I could not tell if > there was something _inside_ my network trying to get out... > after all, there are some Windows machines in the house :-D SRC=68.111.197.211 tells you where the packet comes from, and IN=eth1 tells you what interface it hit. -- -------------------------------------------------------------------------- | Stephen Gran | Somehow I reached excess without ever | | steve@lobefin.net | noticing when I was passing through | | http://www.lobefin.net/~steve | satisfaction. -- Ashleigh Brilliant | -------------------------------------------------------------------------- Attachment:
pgpjEptRb3TJK.pgp
|
|