more hack attempts?

dave d.eason at home.com
Mon Jun 25 14:31:24 PDT 2001


Nope, it's not me pinging anyone, I was at work at the time. No security
is in effect except for telnet off and hosts allow/deny; I haven't had
time to add anything else, the box has only been online for a few days.
And please, feel free to scan/probe/etc., just make sure you email me
(d.eason at home.com) and let me know your IP so I don't panic some more :)


-Dave

-----Original Message-----
From: Nelson Garcia [mailto:garcian002 at hawaii.rr.com] 
Sent: Monday, June 25, 2001 3:48 PM
To: Linux & Unix Advocates & Users
Subject: [luau] Re: more hack attempts?

I suppose that's not you pinging sequential IP addresses like your log
indicates.
If so, you are being used and it's not gonna get better.

Are you running a firewall?  Do you want us to run a scan on you?


----- Original Message -----
From: "dave" <d.eason at home.com>
To: "Linux & Unix Advocates & Users" <luau at maile.hi.net>
Sent: Monday, June 25, 2001 07:57 AM
Subject: [luau] more hack attempts?


> Found these in my logs
>
>
> Jun 24 10:30:48 localhost portmap[14006]: connect from 210.90.149.17 to getport(status): request from unauthorized host
>
> Jun 24 10:51:43 localhost kernel: ICMP: 193.247.102.64: Source Route Failed.
> Jun 24 10:51:43 localhost kernel: ICMP: 193.247.102.69: Source Route Failed.
> Jun 24 10:51:43 localhost kernel: ICMP: 193.247.102.76: Source Route Failed.
> Jun 24 10:51:43 localhost kernel: ICMP: 193.247.102.73: Source Route Failed.
> Jun 24 10:51:43 localhost kernel: ICMP: 193.247.102.65: Source Route Failed.
> Jun 24 10:51:43 localhost kernel: ICMP: 193.247.102.66: Source Route Failed.
> Jun 24 10:51:43 localhost kernel: ICMP: 193.247.102.67: Source Route Failed.
> Jun 24 10:51:43 localhost kernel: ICMP: 193.247.102.68: Source Route Failed.
> Jun 24 10:51:43 localhost kernel: ICMP: 193.247.102.70: Source Route Failed.
> Jun 24 10:51:43 localhost kernel: ICMP: 193.247.102.82: Source Route Failed.
>
> Jun 24 12:56:48 localhost kernel: NET: 22 messages suppressed.
> Jun 24 12:56:48 localhost kernel: neighbour table overflow
>
> Jun 24 14:48:16 localhost kernel: IP_MASQ:reverse ICMP: failed checksum from 217.58.2.202!
>
> Jun 24 16:31:07 localhost portmap[21537]: connect from 204.144.161.36 to getport(status): request from unautho$
> Jun 24 16:31:07 localhost portmap[21538]: connect from 204.144.161.36 to getport(status): request from unautho$
> Jun 24 16:31:08 localhost portmap[21539]: connect from 204.144.161.36 to getport(status): request from unautho$
> Jun 24 16:31:08 localhost portmap[21540]: connect from 204.144.161.36 to getport(status): request from unautho$
>
> Jun 24 19:05:59 localhost kernel: ICMP: 195.61.105.96: Source Route Failed.
> Jun 24 19:05:59 localhost kernel: ICMP: 195.61.105.97: Source Route Failed.
> Jun 24 19:05:59 localhost kernel: ICMP: 195.61.105.98: Source Route Failed.
> Jun 24 19:05:59 localhost kernel: ICMP: 195.61.105.101: Source Route Failed.
> Jun 24 19:05:59 localhost kernel: ICMP: 195.61.105.102: Source Route Failed.
> Jun 24 19:05:59 localhost kernel: ICMP: 195.61.105.105: Source Route Failed.
> Jun 24 19:05:59 localhost kernel: ICMP: 195.61.105.103: Source Route Failed.
> Jun 24 19:05:59 localhost kernel: ICMP: 195.61.105.108: Source Route Failed.
> Jun 24 19:05:59 localhost kernel: ICMP: 195.61.105.100: Source Route Failed.
> Jun 24 19:05:59 localhost kernel: ICMP: 195.61.105.99: Source Route Failed.
>
>
> I got email from someone saying my IP was in their "firewall" last
> night, just a Windows user, but apparently, whatever those logs are
> showing, someone used the box again for an attack.   Any
> suggestions/ideas?
>
>
> -Dave
>
>
>
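
One way to triage log lines like those quoted in this thread, added here as an example and not part of the original messages: it groups the addresses named in "Source Route Failed" kernel lines by timestamp and /24 (the sequential-address pattern the reply points to) and counts the sources logged by portmap. The sample lines are constructed with documentation-range addresses, and `triage` and `min_burst` are names chosen for this example.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample lines in the same syslog format as the quoted log
# (addresses are RFC 5737 documentation ranges, not taken from the thread).
SAMPLE_LOG = """\
Jun 24 10:30:48 localhost portmap[14006]: connect from 198.51.100.17 to getport(status): request from unauthorized host
Jun 24 10:51:43 localhost kernel: ICMP: 192.0.2.64: Source Route Failed.
Jun 24 10:51:43 localhost kernel: ICMP: 192.0.2.69: Source Route Failed.
Jun 24 10:51:43 localhost kernel: ICMP: 192.0.2.65: Source Route Failed.
Jun 24 10:51:43 localhost kernel: ICMP: 192.0.2.66: Source Route Failed.
Jun 24 12:56:48 localhost kernel: neighbour table overflow
Jun 24 16:31:07 localhost portmap[21537]: connect from 203.0.113.36 to getport(status): request from unautho$
Jun 24 16:31:08 localhost portmap[21539]: connect from 203.0.113.36 to getport(status): request from unautho$
Jun 24 19:05:59 localhost kernel: ICMP: 192.0.2.200: Source Route Failed.
"""

STAMP = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ "
SRC_ROUTE = re.compile(STAMP + r"kernel: ICMP: (?P<ip>[\d.]+): Source Route Failed")
PORTMAP = re.compile(STAMP + r"portmap\[\d+\]: connect from (?P<ip>[\d.]+) to \w+\(")


def triage(log_text, min_burst=3):
    """Return (bursts, portmap_hits).

    bursts maps (timestamp, /24) to the sorted addresses reported in that
    second, kept only when at least min_burst distinct addresses appear.
    portmap_hits counts logged portmap connections per source address.
    """
    seen = defaultdict(set)
    portmap_hits = Counter()
    for line in log_text.splitlines():
        if m := SRC_ROUTE.search(line):
            ip = ipaddress.ip_address(m["ip"])
            net = ipaddress.ip_network(f"{ip}/24", strict=False)
            seen[(m["ts"], str(net))].add(ip)
        elif m := PORTMAP.search(line):
            portmap_hits[m["ip"]] += 1
    bursts = {k: [str(a) for a in sorted(v)] for k, v in seen.items() if len(v) >= min_burst}
    return bursts, portmap_hits


if __name__ == "__main__":
    bursts, hits = triage(SAMPLE_LOG)
    for (ts, net), addrs in bursts.items():
        print(f"{ts}  {len(addrs)} addresses in {net}: {', '.join(addrs)}")
    for src, n in hits.most_common():
        print(f"portmap requests logged from {src}: {n}")
```
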

