Thanks. Well, I'm not using FTP on the box, so all traffic directed at that port is dropped by IPTables. Actually, these messages are from my system log (and it was IPTables who logged it there). But, do you think it was an attempt to break in? I got 4-5 of each of those 2. And 1 of the "WARNING: Fraglist" message...
//Tore Nilsson >On Sat, 23 Nov 2002 at 02:11:00PM +0100, Tore Nilsson wrote: >> Hello! >Greets. >> Got this message sent to me by email from logcheck: >> snort: WARNING: Bad insert in fraglist for FragTracker 0x8511388 >Not a clue...sorry. > >> I also got this: >> Nov 22 16:39:32 otaku kernel: auditIN=eth0 OUT= >> MAC=00:02:e3:18:0a:7a:00:04:c1:3a:9e:42:08:00 SRC=200.214.189.168 >> DST=213.114.36.73 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=15141 DF PROTO=TCP >> SPT=41134 DPT=21 WINDOW=5840 RES=0x00 SYN URGP=0 >Someone from 200.214.189.168 tried to connect (SYN) to your machine on >port 21 (FTP-Control) suggesting a TCP/IP Window size of 5 kb. It is >up to the administrator to decide if this is acceptable activity. > > >> Nov 23 10:48:13 otaku kernel: auditIN=eth0 OUT= >> MAC=00:02:e3:18:0a:7a:00:04:c1:3a:9e:42:08:00 SRC=80.143.237.209 >> DST=213.114.36.73 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=13953 DF PROTO=TCP >> SPT=3000 DPT=21 WINDOW=32767 RES=0x00 SYN URGP=0 >Same, except a different IP and a window size suggestion of 32 kb > > >ttyl, >-- >Phil > >PGP/GPG Key: >http://www.zionlth.org/~plhofmei/ >wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import >-- >Excuse #8: Hardware stress fractures -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]