Logged into a remote Dachstein box to check up on something else, and I
see huge amounts of denied packets in /var/log/messages...

Connection attempts from e.g.:

10.131.224.1:3 -> 62.243.222.62:1
^^unknown^^       ^^my remote^^

I see a bunch of these from different IPs (that is, from port 3 to port
1)... dunno what to make of that, but then there's this guy:

# grep 65.82.107.120 $_ | nl
     1  Oct 14 15:05:56 skilderhus kernel: Packet log: input DENY eth0 PROTO=1 65.82.107.120:5 62.243.222.62:0 L=56 S=0x00 I=5685 F=0x0000 T=45 (#2)

<continues in 'bursts' to:>
...

   164  Oct 14 15:06:07 skilderhus kernel: Packet log: input DENY eth0 PROTO=1 65.82.107.120:5 62.243.222.62:0 L=56 S=0x00 I=5866 F=0x0000 T=45 (#2)

Is this some kind of DoS? Am I under attack, or is it just some
misconfigured box?

I nmapped the IP, and the only thing that came up was:
Port       State       Service
1433/tcp   open        ms-sql-s

-so I'm guessing it's a zombie Windows host... (?)

TIA

Jon Clausen
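
Added example, not part of the original post: a small triage script for ipchains "Packet log:" lines like the ones quoted above. In this log format PROTO=1 is ICMP, and for ICMP the two "port" positions hold the ICMP type and code rather than ports, so the script decodes them and counts denied packets per source. The function names and the partial ICMP name tables are this example's own, and the last two sample lines are constructed.

```python
import re
from collections import Counter

# ipchains "Packet log:" line: chain, action, interface, protocol, src:port dst:port
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sp>\d+) (?P<dst>[\d.]+):(?P<dp>\d+)")
# Subset of ICMP type and (type, code) names from RFC 792
ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable", 4: "source-quench",
              5: "redirect", 8: "echo-request", 11: "time-exceeded"}
ICMP_CODES = {(3, 0): "net-unreachable", (3, 1): "host-unreachable",
              (3, 3): "port-unreachable", (5, 0): "redirect-for-network",
              (5, 1): "redirect-for-host"}

def parse(line):
    """Return a dict for one ipchains packet-log line, or None for anything else."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    proto, sp, dp = int(rec["proto"]), int(rec["sp"]), int(rec["dp"])
    if proto == 1:
        # ICMP has no ports: ipchains logs type as src port, code as dst port.
        kind = ICMP_TYPES.get(sp, f"type-{sp}")
        detail = ICMP_CODES.get((sp, dp), f"code-{dp}")
        rec["what"] = f"icmp {kind}/{detail}"
    else:
        rec["what"] = f"proto-{proto} {sp}->{dp}"
    return rec

def summarize(lines):
    """Count denied packets per (source address, decoded description)."""
    counts = Counter()
    for rec in filter(None, map(parse, lines)):
        if rec["action"] == "DENY":
            counts[(rec["src"], rec["what"])] += 1
    return counts

# First two lines are from the post (unwrapped); the last two are constructed.
SAMPLE = [
    "Oct 14 15:05:56 skilderhus kernel: Packet log: input DENY eth0 PROTO=1 65.82.107.120:5 62.243.222.62:0 L=56 S=0x00 I=5685 F=0x0000 T=45 (#2)",
    "Oct 14 15:06:07 skilderhus kernel: Packet log: input DENY eth0 PROTO=1 65.82.107.120:5 62.243.222.62:0 L=56 S=0x00 I=5866 F=0x0000 T=45 (#2)",
    "Oct 14 15:07:01 skilderhus kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.10:4021 62.243.222.62:80 L=48 S=0x00 I=100 F=0x4000 T=110 SYN (#2)",
    "Oct 14 15:07:02 skilderhus kernel: eth0: link up",
]

if __name__ == "__main__":
    for (src, what), n in summarize(SAMPLE).most_common():
        print(f"{n:5d}  {src:15s}  {what}")
```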

