Linux Users' Group of Davis (LUGOD)
Page last updated:
2001 Dec 30 17:06

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

[vox-tech] Attempted access -- I think


  • Subject: [vox-tech] Attempted access -- I think
  • From: Cam Ellison <camellisMAPSon@dccnet.com>
  • Date: Wed, 13 Jun 2001 21:04:45 -0700

I haven't had much of a firewall set up (laziness coupled with too
little time), but I added a few lines to ipchains the other day, mostly
a set that blocked 192.168.x.x from outside the network.  Lo! and
behold!  I get these interesting entries that suggest my system has been
compromised.  The attached text is from syslog, and has been repeated,
along with other variants, ever since I added those lines.

What should I do now?  There is no obvious way in which my system has
been affected, but I notice that these entries use the bootp ports
(67 and 68), so I am quite suspicious.

Any ideas would be most helpful.

Sorry for using an attachment -- I still haven't gotten around to
jettisoning Netscape and using a proper mail system.  Maybe security
ought to come first?

TIA

Cam


-- 
Cam Ellison Ph.D. R.Psych.
From Roberts Creek on B.C.'s incomparable Sunshine Coast
camellison@dccnet.com
cam@fleuryassociates.com

Jun 13 16:44:28 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.177.11:67 255.255.255.255:68 L=328 S=0x00 I=48460 F=0x0000 T=128 (#1)
Jun 13 16:44:28 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.177.10:67 255.255.255.255:68 L=328 S=0x00 I=20131 F=0x0000 T=128 (#1)
Jun 13 16:50:13 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.177.11:67 255.255.255.255:68 L=328 S=0x00 I=7509 F=0x0000 T=128 (#1)
Jun 13 16:50:13 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.177.10:67 255.255.255.255:68 L=328 S=0x00 I=26278 F=0x0000 T=128 (#1)
Jun 13 17:03:38 treehouse -- MARK --
Jun 13 17:08:47 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.0.1:5005 255.255.255.255:5005 L=44 S=0x00 I=27137 F=0x0000 T=128 (#1)
Jun 13 17:23:38 treehouse -- MARK --
Jun 13 17:41:33 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.190.3:1052 255.255.255.255:38293 L=44 S=0x00 I=46693 F=0x0000 T=32 (#1)
Jun 13 17:41:33 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.190.3:1052 255.255.255.255:38293 L=44 S=0x00 I=46949 F=0x0000 T=32 (#1)
Jun 13 17:41:33 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.190.3:1052 255.255.255.255:38293 L=44 S=0x00 I=47717 F=0x0000 T=32 (#1)
Jun 13 17:41:33 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.190.3:1052 255.255.255.255:38293 L=44 S=0x00 I=47973 F=0x0000 T=32 (#1)
Jun 13 17:41:33 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.190.3:1052 255.255.255.255:38293 L=44 S=0x00 I=48741 F=0x0000 T=32 (#1)
Jun 13 17:41:33 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.190.3:1052 255.255.255.255:38293 L=44 S=0x00 I=48997 F=0x0000 T=32 (#1)
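
An added example, not part of the original post: a small Python parser for the ipchains "Packet log" lines in the attachment above, which groups denied packets by source and ports and labels each group from the logged fields alone. The function names and tag labels are made up for this example, and the sample input is a constructed subset of the posted entries.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Constructed sample: entries taken from the posted syslog excerpt,
# with the mail client's line wrapping undone.
SAMPLE = """\
Jun 13 16:44:28 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.177.11:67 255.255.255.255:68 L=328 S=0x00 I=48460 F=0x0000 T=128 (#1)
Jun 13 17:03:38 treehouse -- MARK --
Jun 13 17:08:47 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.0.1:5005 255.255.255.255:5005 L=44 S=0x00 I=27137 F=0x0000 T=128 (#1)
Jun 13 17:41:33 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.190.3:1052 255.255.255.255:38293 L=44 S=0x00 I=46693 F=0x0000 T=32 (#1)
"""

# ipchains log layout: chain, target, interface, protocol, src:port, dst:port,
# length, TOS, IP id, fragment offset, TTL, rule number.
# \s+ after PROTO tolerates entries that a mail client wrapped at that point.
LINE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=\S+ I=\d+ F=\S+ T=(?P<ttl>\d+) \(#(?P<rule>\d+)\)")

def parse(text):
    """Yield one dict per packet-log entry; other syslog lines are skipped."""
    for m in LINE.finditer(text):
        rec = m.groupdict()
        for key in ("proto", "sport", "dport", "length", "ttl", "rule"):
            rec[key] = int(rec[key])
        yield rec

def describe(rec):
    """Label an entry using only the fields present in the log line."""
    tags = []
    if ip_address(rec["src"]).is_private:
        tags.append("private-source")
    if rec["dst"] == "255.255.255.255":
        tags.append("limited-broadcast")
    # UDP (protocol 17) from port 67 to port 68 is the BOOTP/DHCP
    # server-to-client direction.
    if rec["proto"] == 17 and (rec["sport"], rec["dport"]) == (67, 68):
        tags.append("bootp-server-to-client")
    return tuple(tags)

def summarize(text):
    """Count denied packets per (source, sport, dport, tags)."""
    return Counter((r["src"], r["sport"], r["dport"], describe(r)) for r in parse(text))

if __name__ == "__main__":
    for (src, sport, dport, tags), n in summarize(SAMPLE).items():
        print(f"{n:3d}  {src}:{sport} -> :{dport}  {', '.join(tags)}")
```
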














