[newbie] unusual syslog entries can someone help?

Fireman71 Sun, 11 Feb 2001 17:23:21 -0800
was checking my /var/log/messages file earlier and noticed some unusual
stuff and thought i would send it out and see what you all thought....

/var/log/messages #1
Feb 11 04:03:02 hp1 kernel: Packet log: input DENY ppp0 PROTO=17
207.144.156.152:631 255.255.255.255:631 L=117 S=0x00 I=63299 F=0x0000 T=64
(#34)
Feb 11 04:03:33 hp1 kernel: Packet log: input DENY ppp0 PROTO=17
207.144.156.152:631 255.255.255.255:631 L=117 S=0x00 I=63304 F=0x0000 T=64
(#34)
Feb 11 04:04:04 hp1 kernel: Packet log: input DENY ppp0 PROTO=17
207.144.156.152:631 255.255.255.255:631 L=117 S=0x00 I=63305 F=0x0000 T=64
(#34)
Feb 11 04:04:35 hp1 kernel: Packet log: input DENY ppp0 PROTO=17
207.144.156.152:631 255.255.255.255:631 L=117 S=0x00 I=63312 F=0x0000 T=64
(#34)
Feb 11 04:05:06 hp1 kernel: Packet log: input DENY ppp0 PROTO=17
207.144.156.152:631 255.255.255.255:631 L=117 S=0x00 I=63313 F=0x0000 T=64
(#34)
Feb 11 04:05:37 hp1 kernel: Packet log: input DENY ppp0 PROTO=17
207.144.156.152:631 255.255.255.255:631 L=117 S=0x00 I=63318 F=0x0000 T=64
(#34)
Feb 11 04:06:08 hp1 kernel: Packet log: input DENY ppp0 PROTO=17
207.144.156.152:631 255.255.255.255:631 L=117 S=0x00 I=63319 F=0x0000 T=64
(#34)

<snip>this entry is repeated every 31 seconds until....

207.144.156.152:631 255.255.255.255:631 L=117 S=0x00 I=42689 F=0x0000 T=64
(#34)
Feb 11 11:32:51 hp1 kernel: Packet log: input DENY ppp0 PROTO=17
207.144.156.152:631 255.255.255.255:631 L=117 S=0x00 I=42690 F=0x0000 T=64
(#34)
Feb 11 11:34:16 hp1 ifup-ppp: pppd started for ppp0 on /dev/modem at 115200
Feb 11 11:34:48 hp1 pppd[9121]: Using interface ppp0
Feb 11 11:34:48 hp1 pppd[9121]: Connect: ppp0 <--> /dev/modem
Feb 11 11:35:03 hp1 kernel: Packet log: input DENY ppp0 PROTO=17
192.203.230.10:53 207.144.214.27:1024 L=477 S=0x00 I=59322 F=0x4000 T=17
(#34)
Feb 11 11:35:04 hp1 kernel: Packet log: input DENY ppp0 PROTO=17
204.116.57.2:53 207.144.214.27:1027 L=148 S=0x00 I=11336 F=0x0000 T=26 (#34)
Feb 11 11:35:07 hp1 kernel: Packet log: input DENY ppp0 PROTO=17
192.33.4.12:53 207.144.214.27:1024 L=477 S=0x00 I=34023 F=0x4000 T=244 (#34)
Feb 11 11:35:09 hp1 kernel: Packet log: input DENY ppp0 PROTO=17
206.74.254.2:53 207.144.214.27:1027 L=148 S=0x00 I=27220 F=0x4000 T=25 (#34)
Feb 11 11:35:11 hp1 kernel: Packet log: input DENY ppp0 PROTO=17
198.41.0.10:53 207.144.214.27:1024 L=477 S=0x00 I=45844 F=0x0000 T=53 (#34)
Feb 11 11:35:15 hp1 kernel: Packet log: input DENY ppp0 PROTO=17
128.8.10.90:53 207.144.214.27:1024 L=477 S=0x00 I=10466 F=0x0000 T=56 (#34)
Feb 11 11:35:17 hp1 kernel: Packet log: input DENY ppp0 PROTO=17
204.116.57.2:53 207.144.214.27:1027 L=148 S=0x00 I=13973 F=0x0000 T=26 (#34)
Feb 11 11:35:19 hp1 kernel: Packet log: input DENY ppp0 PROTO=17
192.5.5.241:53 207.144.214.27:1024 L=477 S=0x00 I=63027 F=0x4000 T=16 (#34)
Feb 11 11:35:20 hp1 kernel: Packet log: input DENY ppp0 PROTO=17
206.74.254.2:53 207.144.214.27:1027 L=148 S=0x00 I=30907 F=0x4000 T=25 (#34)
Feb 11 11:35:23 hp1 kernel: Packet log: input DENY ppp0 PROTO=17
192.36.148.17:53 207.144.214.27:1024 L=477 S=0x00 I=7447 F=0x0000 T=45 (#34)
Feb 11 11:35:27 hp1 kernel: Packet log: input DENY ppp0 PROTO=17
192.112.36.4:53 207.144.214.27:1024 L=477 S=0x00 I=27345 F=0x4000 T=245
(#34)
Feb 11 11:35:30 hp1 kernel: Packet log: input DENY ppp0 PROTO=17
204.116.57.2:53 207.144.214.27:1027 L=148 S=0x00 I=16572 F=0x0000 T=26 (#34)
Feb 11 11:35:31 hp1 kernel: Packet log: input DENY ppp0 PROTO=17
193.0.14.129:53 207.144.214.27:1024 L=477 S=0x00 I=6240 F=0x0000 T=50 (#34)
Feb 11 11:35:35 hp1 kernel: Packet log: input DENY ppp0 PROTO=17
128.9.0.107:53 207.144.214.27:1024 L=477 S=0x00 I=24155 F=0x4000 T=237 (#34)

<snip> i kept getting requests from a variety of ip#s until...

Feb 11 13:43:09 hp1 kernel: Packet log: input DENY ppp0 PROTO=17
198.41.0.4:53 207.144.244.100:1024 L=141 S=0x00 I=36954 F=0x0000 T=48 (#34)
Feb 11 13:43:16 hp1 kernel: Packet log: input DENY ppp0 PROTO=17
204.116.57.2:53 207.144.244.100:1027 L=148 S=0x00 I=20137 F=0x0000 T=26
(#34)
Feb 11 13:43:29 hp1 kernel: Packet log: input DENY ppp0 PROTO=17
206.74.254.2:53 207.144.244.100:1027 L=493 S=0x00 I=37323 F=0x4000 T=25
(#34)
Feb 11 13:47:44 hp1 kernel: Packet log: input DENY ppp0 PROTO=6
63.66.204.66:2956 207.144.244.100:53 L=60 S=0x00 I=41991 F=0x4000 T=50 SYN
(#34)
Feb 11 17:07:55 hp1 kernel: Packet log: input DENY ppp0 PROTO=6
210.97.4.253:3433 207.144.244.100:98 L=60 S=0x00 I=10780 F=0x4000 T=45 SYN
(#34)
Feb 11 17:07:58 hp1 kernel: Packet log: input DENY ppp0 PROTO=6
210.97.4.253:3433 207.144.244.100:98 L=60 S=0x00 I=14182 F=0x4000 T=45 SYN
(#34)
Feb 11 17:55:14 hp1 kernel: Packet log: input DENY ppp0 PROTO=17
199.90.74.52:137 207.144.244.100:137 L=78 S=0x00 I=9682 F=0x0000 T=111 (#34)
Feb 11 17:55:16 hp1 kernel: Packet log: input DENY ppp0 PROTO=17
199.90.74.52:137 207.144.244.100:137 L=78 S=0x00 I=26066 F=0x0000 T=112
(#34)
Feb 11 17:55:17 hp1 kernel: Packet log: input DENY ppp0 PROTO=17
199.90.74.52:137 207.144.244.100:137 L=78 S=0x00 I=29394 F=0x0000 T=112
(#34)
Feb 11 18:15:33 hp1 kernel: Packet log: input DENY ppp0 PROTO=6
128.239.101.6:4669 207.144.244.100:53 L=60 S=0x00 I=19267 F=0x4000 T=53 SYN
(#34)
Feb 11 18:15:36 hp1 kernel: Packet log: input DENY ppp0 PROTO=6
128.239.101.6:4669 207.144.244.100:53 L=60 S=0x00 I=20396 F=0x4000 T=53 SYN
(#34)


As the log shows this has been going on most all day. Is someone attempting
to hack my comp or is something totally screwed up?

Thanks in advance,
Ian K. Harrell
[EMAIL PROTECTED]
[newbie] unusual syslog entries can someone help?

Reply via email to
