system check message question

jay jay at musubi.org
Tue May 1 01:46:07 PDT 2001


what i don't understand is where would spoofing 1.2.3.4 get you
unless you were either using loose source routing or sniffing
traffic on the same wire and could see an ack go out?
that one entry doesn't look like an attempt at a DDOS.  unless
they were using the nmap decoy option, but then you'd be seeing
other scans on that port by different IPs...

am i thinking about this too much?
time for a nap.

=jay

On Mon, 30 Apr 2001, Jeffrey Wong wrote:

> There have been alot of reports of people seeing the exact same thing over
> the last two weeks.  I havn't really heard much about it besides that its
> been seen though.  It seems to (so far) be just a passive scan with no
> accompaning attacks, although I'd assume that if you do have Back Orifice
> installed . . .  1.2.3.4 is just one of the more commonly spoofed IP's.
> In fact its used as an example IP in alot of different places.  I guess
> these new script kiddies either have no imagination, or no idea that they
> can change it ;)
>
> Jeff Wong
>
> On Mon, 30 Apr 2001, Ben Beeson wrote:
>
> > Aloha all,
> >
> > 	The below line appeared in my /var/log/messages file and I am curious
> > about it.  I think port 31337 is for Back Orifice, a windows attack that I
> > should be relatively immune from.  However, that said, I am curious how the IP
> > address 1.2.3.4 materialized.  I am not sure that this is a 'legal' address.
> > 'dig' returns nothing.....  Has anyone else seen this???
> >
> > Thanks,
> >
> > Ben
> >
> >
> > Security Violations
> > =-=-=-=-=-=-=-=-=-=
> > Apr 29 16:50:39 kernel: Packet log: input DENY eth0 PROTO=17 1.2.3.4:1024 24.94.83.89:31337 L=81 S=0x00 I=20326 F=0x0000 T=111 (#8)
> >
> > ---
> > You are currently subscribed to luau as: jmwong at math.ed.hawaii.edu
> > To unsubscribe send a blank email to $subst('Email.Unsub')
> >
>
>
> ---
> You are currently subscribed to luau as: jay at musubi.org
> To unsubscribe send a blank email to $subst('Email.Unsub')
>



More information about the LUAU mailing list