In llooking throgh the logs this morning on our firewall/masquerade box I
found the following:
Apr 15 07:35:53 firewall identd[1952]: Connection from
samuel.math.rwth-aachen.de
Apr 15 07:35:54 firewall identd[1954]: Connection from
samuel.math.rwth-aachen.de
Apr 15 07:35:53 firewall identd[1951]: Connection from
samuel.math.rwth-aachen.de
Apr 15 07:35:54 firewall identd[1953]: Connection from
samuel.math.rwth-aachen.de
Apr 15 07:35:55 firewall identd[1951]: from: 137.226.152.195 (
samuel.math.rwth-aachen.de ) for: 61045, 80
Apr 15 07:35:55 firewall identd[1952]: from: 137.226.152.195 (
samuel.math.rwth-aachen.de ) for: 61046, 80
Apr 15 07:35:55 firewall identd[1953]: from: 137.226.152.195 (
samuel.math.rwth-aachen.de ) for: 61047, 80
Apr 15 07:35:57 firewall identd[1952]: Returned: 61046 , 80 : NO-USER
Apr 15 07:35:57 firewall identd[1953]: Returned: 61047 , 80 : NO-USER
Apr 15 07:35:57 firewall identd[1951]: Returned: 61045 , 80 : NO-USER
(repeat for next ~40 minutes)
This machine runs diald & calls our ISP as needed, getting a dynamically
assigned IP number each time. Our ISP is pretty busy, so we go a long time
before reusing the same IP number. My questions:
1) Was someone pulling something funny?
2) If so, how on earth did they get/choose the IP number assigned to our
firewall?
3) Should/can I do anything about it?
The IP number is assigned to the Aachen University of Technology in Aachen,
Germany and it hosts both FTP and HTTP, but nothing I ever visited (I was
the only one in the building at the time).
Pointers to sources of information would be appreciated!
Ed Jaeger, CFO, Bohlender Graebener Corporation
[EMAIL PROTECTED]
http://www.bgcorp.com
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
To unsubscribe: mail [EMAIL PROTECTED] with
"unsubscribe" as the Subject.
