system check message question
Ben Beeson
beesond001 at hawaii.rr.com
Tue May 1 01:15:13 PDT 2001
Jeff,
Thanks Jeff. I don't have Back Orifice - I run Unix.... Anyway, this
is just the first time I have seen such an obviously forged IP address, I
thought I'd ask and see if anyone else had seen it.
Thanks again,
Ben
On Mon, 30 Apr 2001, you wrote:
> There have been alot of reports of people seeing the exact same thing over
> the last two weeks. I havn't really heard much about it besides that its
> been seen though. It seems to (so far) be just a passive scan with no
> accompaning attacks, although I'd assume that if you do have Back Orifice
> installed . . . 1.2.3.4 is just one of the more commonly spoofed IP's.
> In fact its used as an example IP in alot of different places. I guess
> these new script kiddies either have no imagination, or no idea that they
> can change it ;)
>
> Jeff Wong
>
> On Mon, 30 Apr 2001, Ben Beeson wrote:
>
> > Aloha all,
> >
> > The below line appeared in my /var/log/messages file and I am curious
> > about it. I think port 31337 is for Back Orifice, a windows attack that I
> > should be relatively immune from. However, that said, I am curious how the IP
> > address 1.2.3.4 materialized. I am not sure that this is a 'legal' address.
> > 'dig' returns nothing..... Has anyone else seen this???
> >
> > Thanks,
> >
> > Ben
> >
> >
> > Security Violations
> > =-=-=-=-=-=-=-=-=-=
> > Apr 29 16:50:39 kernel: Packet log: input DENY eth0 PROTO=17 1.2.3.4:1024 24.94.83.89:31337 L=81 S=0x00 I=20326 F=0x0000 T=111 (#8)
> >
> > ---
> > You are currently subscribed to luau as: jmwong at math.ed.hawaii.edu
> > To unsubscribe send a blank email to $subst('Email.Unsub')
> >
>
>
> ---
> You are currently subscribed to luau as: beesond001 at hawaii.rr.com
> To unsubscribe send a blank email to $subst('Email.Unsub')
More information about the LUAU
mailing list