Port 1433... isn't that Citrix, or more specifically the ICA protocol? Or was it VNC...
joey

On Mon, 14 Oct 2002 23:29:42 +0200 Jon Clausen <[EMAIL PROTECTED]> wrote:
> Logged into a remote Dachstein box to check up on something else, and I
> see huge amounts of denied packets in /var/log/messages...
>
> Connection attempts from f.x:
>
> 10.131.224.1:3 -> 62.243.222.62:1
> ^^unknown^^       ^^my remote^^
>
> I see a bunch of these from different IPs (that is, from port 3 to port
> 1)... dunno what to make of that, but then there's this guy:
>
> # grep 65.82.107.120 $_ | nl
>      1  Oct 14 15:05:56 skilderhus kernel: Packet log: input DENY eth0 PROTO=1 65.82.107.120:5 62.243.222.62:0 L=56 S=0x00 I=5685 F=0x0000 T=45 (#2)
>
> <continues in 'bursts' to:>
> ...
>
>    164  Oct 14 15:06:07 skilderhus kernel: Packet log: input DENY eth0 PROTO=1 65.82.107.120:5 62.243.222.62:0 L=56 S=0x00 I=5866 F=0x0000 T=45 (#2)
>
> is this some kind of DoS? Am I under attack, or is it just some
> misconfigured box?
>
> I nmapped the IP, and the only thing that came up was:
> Port       State       Service
> 1433/tcp   open        ms-sql-s
>
> -so I'm guessing it's a zombie windows host... (?)
>
> TIA
>
> Jon Clausen
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> ------------------------------------------------------------------------
> leaf-user mailing list: [EMAIL PROTECTED]
> https://lists.sourceforge.net/lists/listinfo/leaf-user
> SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
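
Added example (not part of either message above, and not code from the LEAF project): ipchains writes the ICMP type and code into the two port slots of a PROTO=1 log entry, so the lines quoted above can be decoded and tallied per source. The first two sample lines are copied from the quoted message; the third is constructed, and the function names and the partial ICMP name table are this example's own.

```python
import re
from collections import Counter

# Layout of an ipchains "Packet log:" entry, as seen in the quoted message.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) .*?T=(?P<ttl>\d+)")

# Partial ICMP (type, code) table from RFC 792; other pairs print numerically.
ICMP_NAMES = {
    (0, 0): "echo reply",
    (3, 0): "destination unreachable: net unreachable",
    (3, 1): "destination unreachable: host unreachable",
    (3, 3): "destination unreachable: port unreachable",
    (5, 0): "redirect for network",
    (5, 1): "redirect for host",
    (8, 0): "echo request",
    (11, 0): "time exceeded in transit",
}

def parse_line(line):
    """Return a dict for one ipchains log line, or None if it is not one."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ttl"):
        rec[key] = int(rec[key])
    if rec["proto"] == 1:
        # ICMP has no ports: the "source port" is the type, the
        # "destination port" is the code.
        t, c = rec["sport"], rec["dport"]
        rec["what"] = "ICMP " + ICMP_NAMES.get((t, c), f"type {t} code {c}")
    else:
        rec["what"] = f"proto {rec['proto']} port {rec['sport']} -> {rec['dport']}"
    return rec

def summarize(lines):
    """Count denied packets per (source address, decoded meaning)."""
    recs = (parse_line(line) for line in lines)
    return Counter((r["src"], r["what"]) for r in recs if r)

SAMPLE = [  # lines 1-2 from the quoted message; line 3 constructed
    "Oct 14 15:05:56 skilderhus kernel: Packet log: input DENY eth0 PROTO=1 65.82.107.120:5 62.243.222.62:0 L=56 S=0x00 I=5685 F=0x0000 T=45 (#2)",
    "Oct 14 15:06:07 skilderhus kernel: Packet log: input DENY eth0 PROTO=1 65.82.107.120:5 62.243.222.62:0 L=56 S=0x00 I=5866 F=0x0000 T=45 (#2)",
    "Oct 14 15:07:00 examplehost kernel: Packet log: input DENY eth0 PROTO=1 192.0.2.10:3 198.51.100.7:1 L=56 S=0x00 I=100 F=0x0000 T=50 (#2)",
]

if __name__ == "__main__":
    for (src, what), n in summarize(SAMPLE).most_common():
        print(f"{n:5d}  {src:15s}  {what}")
```
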
