system check message question

Jeffrey Wong jmwong at math.ed.hawaii.edu
Mon Apr 30 23:18:38 PDT 2001


There have been a lot of reports of people seeing the exact same thing over
the last two weeks.  I haven't really heard much about it besides that it's
been seen though.  It seems to (so far) be just a passive scan with no
accompanying attacks, although I'd assume that if you do have Back Orifice
installed . . .  1.2.3.4 is just one of the more commonly spoofed IPs.
In fact it's used as an example IP in a lot of different places.  I guess
these new script kiddies either have no imagination, or no idea that they
can change it ;)

Jeff Wong

On Mon, 30 Apr 2001, Ben Beeson wrote:

> Aloha all,
>
> 	The below line appeared in my /var/log/messages file and I am curious
> about it.  I think port 31337 is for Back Orifice, a Windows attack that I
> should be relatively immune from.  However, that said, I am curious how the IP
> address 1.2.3.4 materialized.  I am not sure that this is a 'legal' address.
> 'dig' returns nothing.....  Has anyone else seen this???
>
> Thanks,
>
> Ben
>
>
> Security Violations
> =-=-=-=-=-=-=-=-=-=
> Apr 29 16:50:39 kernel: Packet log: input DENY eth0 PROTO=17 1.2.3.4:1024 24.94.83.89:31337 L=81 S=0x00 I=20326 F=0x0000 T=111 (#8)
>
>
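
An added example, not part of the original messages: a Python parser for the ipchains packet-log line quoted above, which counts denied UDP packets to port 31337 by claimed source address and TTL. Function and field names are this example's own, and every sample line except the first is constructed.

```python
import re
from collections import Counter

# ipchains "-l" log format (Linux 2.2): chain, verdict, interface, IP protocol
# number, src:port, dst:port, then L=length S=TOS I=IP-ID F=frag T=TTL (#rule).
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?: \(#(?P<rule>\d+)\))?"
)
INT_FIELDS = ("proto", "sport", "dport", "length", "ip_id", "ttl", "rule")
UDP, BO_PORT = 17, 31337  # PROTO=17 is UDP; 31337 is the port named in the thread


def parse_line(line):
    """Return a dict of fields for one ipchains log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    return {k: int(v) if k in INT_FIELDS and v is not None else v
            for k, v in m.groupdict().items()}


def summarize_probes(lines, proto=UDP, dport=BO_PORT):
    """Count denied packets to proto/dport, keyed by (claimed source, TTL).

    The source address can be spoofed, so the received TTL is kept beside it
    as a second attribute to compare across hits."""
    hits = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec and rec["verdict"] == "DENY" and rec["proto"] == proto and rec["dport"] == dport:
            hits[(rec["src"], rec["ttl"])] += 1
    return hits


# First line is the one quoted in the thread; the rest are constructed samples.
SAMPLE = [
    "Apr 29 16:50:39 kernel: Packet log: input DENY eth0 PROTO=17 1.2.3.4:1024 24.94.83.89:31337 L=81 S=0x00 I=20326 F=0x0000 T=111 (#8)",
    "Apr 29 17:02:11 kernel: Packet log: input DENY eth0 PROTO=17 1.2.3.4:1024 192.0.2.10:31337 L=81 S=0x00 I=20911 F=0x0000 T=111 (#8)",
    "Apr 29 17:05:40 kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.7:4021 192.0.2.10:23 L=60 S=0x00 I=5120 F=0x4000 T=52 (#8)",
    "Apr 29 17:09:02 kernel: last message repeated 2 times",
]

if __name__ == "__main__":
    for (src, ttl), n in summarize_probes(SAMPLE).items():
        print(f"{n} denied UDP/{BO_PORT} packets claiming source {src} (TTL {ttl})")
```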


