On Sun, 31 Dec 2000 12:16:59 MST, JD Kitch writes: >Can anyone tell me what this person is looking for here, and how I >can find out where this is coming from?
port 161 is snmp, so it looks like someoneĀ“s trying to get information about your machine (or something at your ISP or the like is misconfigured), proto 17 is UDP which fits snugly since snmp is udp-based. >Security Violations >=-=-=-=-=-=-=-=-=-= >Dec 31 11:06:47 tower kernel: Packet log: output REJECT eth0 PROTO=17 xx.xx.xx >x.xx:61662 172.16.72.113:161 L=106 S=0x00 I=7632 F=0x0000 T=127 (#43) <snip> >I've been unable to track it down. I've had pages and pages of this >every hour since early yesterday, always coming from the same IP, to >the same port. look for the ip-adress with whois -h whois.[ripe|arin|apnic].net <ipaddress> and complain to the ISP/organization responsible for it. hth, &rw -- / Ing. Robert Waldner | Network Engineer | T: +43 1 89933 F: x533 \ \ <[EMAIL PROTECTED]> | KPNQwest/AT | Diefenbachg. 35, A-1150 /
