more hack attempts?

Nelson Garcia garcian002 at hawaii.rr.com
Mon Jun 25 14:56:54 PDT 2001 

Dave, send us your current IP if you want a scan.

Can somebody do a scan on Dave's machine?  I can't do it from work without
setting off all kinds of alarms and waking up the security people.  If not,
I can do it later on tonight.
Later,
Nelson

----- Original Message -----
From: "dave" <d.eason at home.com>
To: "Linux & Unix Advocates & Users" <luau at maile.hi.net>
Sent: Monday, June 25, 2001 11:31 AM
Subject: [luau] Re: more hack attempts?


> Nope its not me pinging anyone, I was at work at the time, no security
> is in effect except for telnet off and hosts allow/deny, I haven't had
> time to add anything else, the box has only been online for a few days.
> And please, feel free to scan/probe/etc just make sure you email me
> (d.eason at home.com) and let me know your IP so I don't panic some more :)
>
>
> -Dave
>
> -----Original Message-----
> From: Nelson Garcia [mailto:garcian002 at hawaii.rr.com]
> Sent: Monday, June 25, 2001 3:48 PM
> To: Linux & Unix Advocates & Users
> Subject: [luau] Re: more hack attempts?
>
> I suppose that's not you pinging sequential IP addresses like your log
> indicates.
> If so, you are being used and it's not gonna get better.
>
> Are you running a firewall?  Do you want us to run a scan on you?
>
>
> ----- Original Message -----
> From: "dave" <d.eason at home.com>
> To: "Linux & Unix Advocates & Users" <luau at maile.hi.net>
> Sent: Monday, June 25, 2001 07:57 AM
> Subject: [luau] more hack attempts?
>
>
> > Found these in my logs
> >
> >
> > Jun 24 10:30:48 localhost portmap[14006]: connect from 210.90.149.17
> to
> > getport(status): request from unauthorized host
> >
> > Jun 24 10:51:43 localhost kernel: ICMP: 193.247.102.64: Source Route
> > Failed.
> > Jun 24 10:51:43 localhost kernel: ICMP: 193.247.102.69: Source Route
> > Failed.
> > Jun 24 10:51:43 localhost kernel: ICMP: 193.247.102.76: Source Route
> > Failed.
> > Jun 24 10:51:43 localhost kernel: ICMP: 193.247.102.73: Source Route
> > Failed.
> > Jun 24 10:51:43 localhost kernel: ICMP: 193.247.102.65: Source Route
> > Failed.
> > Jun 24 10:51:43 localhost kernel: ICMP: 193.247.102.66: Source Route
> > Failed.
> > Jun 24 10:51:43 localhost kernel: ICMP: 193.247.102.67: Source Route
> > Failed.
> > Jun 24 10:51:43 localhost kernel: ICMP: 193.247.102.68: Source Route
> > Failed.
> > Jun 24 10:51:43 localhost kernel: ICMP: 193.247.102.70: Source Route
> > Failed.
> > Jun 24 10:51:43 localhost kernel: ICMP: 193.247.102.82: Source Route
> > Failed.
> >
> > Jun 24 12:56:48 localhost kernel: NET: 22 messages suppressed.
> > Jun 24 12:56:48 localhost kernel: neighbour table overflow
> >
> > Jun 24 14:48:16 localhost kernel: IP_MASQ:reverse ICMP: failed
> checksum
> > from 217.58.2.202!
> >
> > Jun 24 16:31:07 localhost portmap[21537]: connect from 204.144.161.36
> to
> > getport(status): request from unautho$
> > Jun 24 16:31:07 localhost portmap[21538]: connect from 204.144.161.36
> to
> > getport(status): request from unautho$
> > Jun 24 16:31:08 localhost portmap[21539]: connect from 204.144.161.36
> to
> > getport(status): request from unautho$
> > Jun 24 16:31:08 localhost portmap[21540]: connect from 204.144.161.36
> to
> > getport(status): request from unautho$
> >
> > Jun 24 19:05:59 localhost kernel: ICMP: 195.61.105.96: Source Route
> > Failed.
> > Jun 24 19:05:59 localhost kernel: ICMP: 195.61.105.97: Source Route
> > Failed.
> > Jun 24 19:05:59 localhost kernel: ICMP: 195.61.105.98: Source Route
> > Failed.
> > Jun 24 19:05:59 localhost kernel: ICMP: 195.61.105.101: Source Route
> > Failed.
> > Jun 24 19:05:59 localhost kernel: ICMP: 195.61.105.102: Source Route
> > Failed.
> > Jun 24 19:05:59 localhost kernel: ICMP: 195.61.105.105: Source Route
> > Failed.
> > Jun 24 19:05:59 localhost kernel: ICMP: 195.61.105.103: Source Route
> > Failed.
> > Jun 24 19:05:59 localhost kernel: ICMP: 195.61.105.108: Source Route
> > Failed.
> > Jun 24 19:05:59 localhost kernel: ICMP: 195.61.105.100: Source Route
> > Failed.
> > Jun 24 19:05:59 localhost kernel: ICMP: 195.61.105.99: Source Route
> > Failed.
> >
> >
> > I got email from someone saying my ip was in their "firewall" last
> > night, just a windows user but apparently whatever those logs are
> > showing someone used the box again for an attack.   Any
> > suggestions/ideas?
> >
> >
> > -Dave
> >

More information about the LUAU mailing list