* Hack or what?
From: Raymond Leach @ 2002-09-17 8:55 UTC
To: netfilter
Hi
Does this look like a hack attempt?
Sep 17 10:56:46 firefly kernel: DROP FORWARD INTERNAL: IN=eth2 OUT=eth0
SRC=10.0.0.4 DST=66.27.234.75 LEN=45 TOS=0x00 PREC=0x00 TTL=127 ID=6691
PROTO=UDP SPT=8912 DPT=69 LEN=25
Sep 17 10:56:47 firefly kernel: DROP FORWARD INTERNAL: IN=eth2 OUT=eth0
SRC=10.0.0.4 DST=66.27.234.75 LEN=45 TOS=0x00 PREC=0x00 TTL=127 ID=6760
PROTO=UDP SPT=8912 DPT=69 LEN=25
Sep 17 10:56:49 firefly kernel: DROP FORWARD INTERNAL: IN=eth2 OUT=eth0
SRC=10.0.0.4 DST=66.27.234.75 LEN=45 TOS=0x00 PREC=0x00 TTL=127 ID=6946
PROTO=UDP SPT=8912 DPT=69 LEN=25
Sep 17 10:56:53 firefly kernel: DROP FORWARD INTERNAL: IN=eth2 OUT=eth0
SRC=10.0.0.4 DST=66.27.234.75 LEN=45 TOS=0x00 PREC=0x00 TTL=127 ID=7199
PROTO=UDP SPT=8912 DPT=69 LEN=25
Sep 17 10:57:01 firefly kernel: DROP FORWARD INTERNAL: IN=eth2 OUT=eth0
SRC=10.0.0.4 DST=66.27.234.75 LEN=45 TOS=0x00 PREC=0x00 TTL=127 ID=7654
PROTO=UDP SPT=8912 DPT=69 LEN=25
Sep 17 10:57:09 firefly kernel: DROP FORWARD INTERNAL: IN=eth2 OUT=eth0
SRC=10.0.0.4 DST=66.27.234.75 LEN=45 TOS=0x00 PREC=0x00 TTL=127 ID=8266
PROTO=UDP SPT=8912 DPT=69 LEN=25
Sep 17 10:57:17 firefly kernel: DROP FORWARD INTERNAL: IN=eth2 OUT=eth0
SRC=10.0.0.4 DST=66.27.234.75 LEN=45 TOS=0x00 PREC=0x00 TTL=127 ID=8795
PROTO=UDP SPT=8912 DPT=69 LEN=25
Sep 17 10:57:25 firefly kernel: DROP FORWARD INTERNAL: IN=eth2 OUT=eth0
SRC=10.0.0.4 DST=66.27.234.75 LEN=45 TOS=0x00 PREC=0x00 TTL=127 ID=9205
PROTO=UDP SPT=8912 DPT=69 LEN=25
Sep 17 10:57:33 firefly kernel: DROP FORWARD INTERNAL: IN=eth2 OUT=eth0
SRC=10.0.0.4 DST=66.27.234.75 LEN=51 TOS=0x00 PREC=0x00 TTL=127 ID=9656
PROTO=UDP SPT=8912 DPT=69 LEN=31
firefly:~ # nslookup 66.27.234.75
Server: fireflyint
Address: 10.0.0.2
Name: bak-66-27-234-75.bak.rr.com
Address: 66.27.234.75
--
----------------------------------------
Raymond Leach
Internet Infrastructure
Knowledge Factory
Tel: +27-11-445-8100 Fax: +27-11-445-8101
www: http://www.knowledgefactory.co.za
----------------------------------------
"It is a man's own fault if his mind grows
torpid in old age." - Samual Jackson
* Re: Hack or what?
From: Sascha Reissner @ 2002-09-17 15:48 UTC
To: Raymond Leach, netfilter
looks like you got whatever app running on 10.0.0.4 that tries to retrieve
or send files via tftp to that other IP address.
might be some virii trying to update its own code remotely, or whatever..
check 10.0.0.4 (must be an internal machine due to private ip range) what
processes are running and do some netstat -na to check open connections.
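
An added example, not part of either poster's message: a Python pass over netfilter LOG entries like the ones quoted above that keeps UDP port 69 (TFTP) packets going from a private source to a public destination and reports, per source/destination pair, the packet count, the gaps between retries and the UDP payload size (UDP LEN minus the 8-byte UDP header). The function names and the year 2002 used to parse the syslog timestamps are assumptions.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# First four entries from the post, unwrapped to one line each, plus one
# constructed non-TFTP entry (10.0.0.9 -> 192.0.2.10) that must be ignored.
SAMPLE_LOG = """\
Sep 17 10:56:46 firefly kernel: DROP FORWARD INTERNAL: IN=eth2 OUT=eth0 SRC=10.0.0.4 DST=66.27.234.75 LEN=45 TOS=0x00 PREC=0x00 TTL=127 ID=6691 PROTO=UDP SPT=8912 DPT=69 LEN=25
Sep 17 10:56:47 firefly kernel: DROP FORWARD INTERNAL: IN=eth2 OUT=eth0 SRC=10.0.0.4 DST=66.27.234.75 LEN=45 TOS=0x00 PREC=0x00 TTL=127 ID=6760 PROTO=UDP SPT=8912 DPT=69 LEN=25
Sep 17 10:56:49 firefly kernel: DROP FORWARD INTERNAL: IN=eth2 OUT=eth0 SRC=10.0.0.4 DST=66.27.234.75 LEN=45 TOS=0x00 PREC=0x00 TTL=127 ID=6946 PROTO=UDP SPT=8912 DPT=69 LEN=25
Sep 17 10:56:53 firefly kernel: DROP FORWARD INTERNAL: IN=eth2 OUT=eth0 SRC=10.0.0.4 DST=66.27.234.75 LEN=45 TOS=0x00 PREC=0x00 TTL=127 ID=7199 PROTO=UDP SPT=8912 DPT=69 LEN=25
Sep 17 10:56:58 firefly kernel: DROP FORWARD INTERNAL: IN=eth2 OUT=eth0 SRC=10.0.0.9 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=1200 PROTO=TCP SPT=40000 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
"""

STAMP = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) ")
FIELD = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Turn one LOG entry into a dict of its KEY=value fields plus 'time'."""
    m = STAMP.match(line)
    if not m:
        return None
    # LEN= appears twice on UDP entries (IP length, then UDP length);
    # dict() keeps the last pair, so fields["LEN"] is the UDP length.
    fields = dict(FIELD.findall(line))
    # Syslog timestamps carry no year; 2002 is assumed from the thread date.
    fields["time"] = datetime.strptime("2002 " + m.group(1), "%Y %b %d %H:%M:%S")
    return fields

def outbound_tftp(log_text):
    """Summarise logged UDP/69 packets from private sources to public hosts."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        f = parse(line)
        if not f or f.get("PROTO") != "UDP" or f.get("DPT") != "69":
            continue
        src = ipaddress.ip_address(f["SRC"])
        dst = ipaddress.ip_address(f["DST"])
        if src.is_private and not dst.is_private:
            flows[(str(src), str(dst))].append(f)
    report = []
    for (src, dst), pkts in flows.items():
        times = [p["time"] for p in pkts]
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        report.append({"src": src, "dst": dst, "packets": len(pkts),
                       "gaps_s": gaps,
                       "udp_payload": sorted({int(p["LEN"]) - 8 for p in pkts})})
    return report
```

Calling outbound_tftp() on the firewall's kernel log text returns one summary per internal host and remote address, which gives the list of machines to inspect with the process and netstat checks from the reply.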