Page last updated:
2001 Dec 30 17:06

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] Attempted access -- I think



I managed to get it into a more readable format -- the text appears below
the copied message.

Cam


Cam Ellison wrote:
> 
> I haven't had much of a firewall set up (laziness coupled with too
> little time), but I added a few lines to ipchains the other day, mostly
> a set that blocked 192.168.x.x from outside the network.  Lo! and
> behold!  I get these interesting entries that suggest my system has been
> compromised.  The attached text is from syslog, and has been repeated,
> along with other variants, ever since I added those lines.
> 
> What should I do now?  There is no obvious way in which my system has
> been affected, but I notice that these entries use the bootp ports
> (67 and 68), so I am quite suspicious.
> 
> Any ideas would be most helpful.
> 
> Sorry for using an attachment -- I still haven't gotten around to
> jettisoning Netscape and using a proper mail system.  Maybe security
> ought to come first?
> 
>
>   ------------------------------------------------------------------------
> 
> Jun 13 16:44:28 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.177.11:67 255.255.255.255:68 L=328 S=0x00 I=48460 F=0x0000 T=128 (#1)
> Jun 13 16:44:28 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.177.10:67 255.255.255.255:68 L=328 S=0x00 I=20131 F=0x0000 T=128 (#1)
> Jun 13 16:50:13 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.177.11:67 255.255.255.255:68 L=328 S=0x00 I=7509 F=0x0000 T=128 (#1)
> Jun 13 16:50:13 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.177.10:67 255.255.255.255:68 L=328 S=0x00 I=26278 F=0x0000 T=128 (#1)
> Jun 13 17:03:38 treehouse -- MARK --
> Jun 13 17:08:47 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.0.1:5005 255.255.255.255:5005 L=44 S=0x00 I=27137 F=0x0000 T=128 (#1)
> Jun 13 17:23:38 treehouse -- MARK --
> Jun 13 17:41:33 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.190.3:1052 255.255.255.255:38293 L=44 S=0x00 I=46693 F=0x0000 T=32 (#1)
> Jun 13 17:41:33 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.190.3:1052 255.255.255.255:38293 L=44 S=0x00 I=46949 F=0x0000 T=32 (#1)
> Jun 13 17:41:33 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.190.3:1052 255.255.255.255:38293 L=44 S=0x00 I=47717 F=0x0000 T=32 (#1)
> Jun 13 17:41:33 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.190.3:1052 255.255.255.255:38293 L=44 S=0x00 I=47973 F=0x0000 T=32 (#1)
> Jun 13 17:41:33 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.190.3:1052 255.255.255.255:38293 L=44 S=0x00 I=48741 F=0x0000 T=32 (#1)
> Jun 13 17:41:33 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.190.3:1052 255.255.255.255:38293 L=44 S=0x00 I=48997 F=0x0000 T=32 (#1)
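
An added example, not part of the original post or thread: a small Python parser for the ipchains `Packet log` lines quoted above. It decodes the fields and groups the denied packets by source, destination, port pair and TTL. The function names and labels are this example's own; PROTO=17 is UDP, and 67/68 are the registered BOOTP/DHCP server and client ports.

```python
import re
from collections import Counter

# ipchains log layout: chain target iface PROTO=n src:port dst:port
# L=length S=TOS I=IP-id F=frag-flags T=TTL (#rule)
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ipid>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)")
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

# Entries copied from the post above, each wrapped entry joined onto one line.
PREFIX = "treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 "
SAMPLE = [
    "Jun 13 16:44:28 " + PREFIX + "192.168.177.11:67 255.255.255.255:68 L=328 S=0x00 I=48460 F=0x0000 T=128 (#1)",
    "Jun 13 16:44:28 " + PREFIX + "192.168.177.10:67 255.255.255.255:68 L=328 S=0x00 I=20131 F=0x0000 T=128 (#1)",
    "Jun 13 17:03:38 treehouse -- MARK --",
    "Jun 13 17:08:47 " + PREFIX + "192.168.0.1:5005 255.255.255.255:5005 L=44 S=0x00 I=27137 F=0x0000 T=128 (#1)",
    "Jun 13 17:41:33 " + PREFIX + "192.168.190.3:1052 255.255.255.255:38293 L=44 S=0x00 I=46693 F=0x0000 T=32 (#1)",
    "Jun 13 17:41:33 " + PREFIX + "192.168.190.3:1052 255.255.255.255:38293 L=44 S=0x00 I=46949 F=0x0000 T=32 (#1)",
]

def parse(line):
    """Return the decoded fields of one packet-log line, or None for other lines."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ipid", "ttl"):
        rec[key] = int(rec[key])
    return rec

def classify(rec):
    """Label the flow by IP protocol and port pair."""
    proto = PROTO_NAMES.get(rec["proto"], str(rec["proto"]))
    if proto == "udp" and (rec["sport"], rec["dport"]) == (67, 68):
        return "bootp/dhcp server-to-client"
    if proto == "udp" and (rec["sport"], rec["dport"]) == (68, 67):
        return "bootp/dhcp client-to-server"
    return f"{proto} {rec['sport']}->{rec['dport']}"

def summarize(lines):
    """Count packets per (src, dst, flow label, TTL); non-packet lines are skipped."""
    records = [r for r in map(parse, lines) if r is not None]
    return Counter((r["src"], r["dst"], classify(r), r["ttl"]) for r in records)

if __name__ == "__main__":
    for key, count in summarize(SAMPLE).items():
        print(count, *key)
```
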

