On Sat, 30 Nov 2002, Lorne wrote:
> I am kind of confused. I just rebuilt my Mandrake security firewall. Snort
> didn't install correctly. It did on the second attempt. Now the system has
> been up for 4 hours approximately and it looks like perhaps I'm already in
> trouble!?!?!?!
> /snort/portscan.log:Nov 30 17:15:03 xxx.3.247.xxx:1024 -> 68.2.16.30:53 UDP
> /snort/portscan.log:Nov 30 17:15:03 xxx.3.247.xxx:1024 -> 68.2.16.30:53 UDP
> /snort/portscan.log:Nov 30 17:15:11 xxx.3.247.xxx:1024 -> 68.2.16.30:53 UDP
>
> The first IP address is me! According to snort, I'm attacking this other
> address? This makes no sense to me. How could my box be compromised in less
> than 12 hours flat if it is set to high security? Incidentally that second IP
> is the one that has been attacking me, so my guess is I'm misreading this.
> ?? Help!

There's nothing wrong here.
  # host 68.2.16.30
  30.16.2.68.in-addr.arpa domain name pointer ns1.ph.cox.net.
Port 53 is used by bind/named/dns, and I would guess that your
ISP is cox.net!  Your machine is requesting DNS name resolution
for sites you visit (via browser).  All pretty normal.

Thanks... Dan.
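
As an added example (not part of the original message), a small Python triage of portscan.log entries in the format quoted above: entries going to port 53 on a nameserver listed in resolv.conf are labelled as expected DNS, and everything else is left for review. The function names, the resolv.conf content and the 192.0.2.10 entry are constructed for illustration, and it is an assumption that 68.2.16.30 is the resolver the host is configured to use.

```python
import re

# Matches entries in the format quoted above; search() skips the grep "file:" prefix.
LINE_RE = re.compile(
    r"(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+(?P<src>[\w.]+):(?P<sport>\d+)"
    r"\s+->\s+(?P<dst>[\w.]+):(?P<dport>\d+)\s+(?P<proto>\w+)"
)

# Constructed sample: the three quoted entries plus one invented non-DNS entry.
SAMPLE_LOG = """\
/snort/portscan.log:Nov 30 17:15:03 xxx.3.247.xxx:1024 -> 68.2.16.30:53 UDP
/snort/portscan.log:Nov 30 17:15:03 xxx.3.247.xxx:1024 -> 68.2.16.30:53 UDP
/snort/portscan.log:Nov 30 17:15:11 xxx.3.247.xxx:1024 -> 68.2.16.30:53 UDP
/snort/portscan.log:Nov 30 17:16:40 xxx.3.247.xxx:1031 -> 192.0.2.10:6667 TCP
"""
# Constructed resolv.conf content; assumes 68.2.16.30 is the configured resolver.
SAMPLE_RESOLV = "search example.net\nnameserver 68.2.16.30  # ISP resolver\n"

def parse_resolvers(resolv_conf_text):
    """Return the set of nameserver addresses listed in resolv.conf text."""
    resolvers = set()
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            resolvers.add(fields[1])
    return resolvers

def triage(log_text, resolvers):
    """Label each entry 'expected-dns' or 'review' and return the tuples."""
    results = []
    for raw in log_text.splitlines():
        m = LINE_RE.search(raw)
        if not m:
            continue  # not a portscan.log entry
        # Only port 53 traffic to a resolver this host is configured to use
        # is treated as routine name resolution.
        expected = m["dport"] == "53" and m["dst"] in resolvers
        results.append((m["ts"], m["src"], m["dst"], int(m["dport"]),
                        m["proto"], "expected-dns" if expected else "review"))
    return results

if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG, parse_resolvers(SAMPLE_RESOLV)):
        print(*entry)
```

On a real host, pass the contents of /etc/resolv.conf and the Snort portscan.log instead of the constructed samples.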


