Probably just a bit of spam: http://lists.insecure.org/lists/incidents/2003/Jan/0132.html
Paul. On Thu, 24 Jul 2003, Colin Fraser wrote: > Just found the following in /var/log/messages: > > Jul 24 13:23:44 elgin kernel: SuSE-FW-DROP-DEFAULT IN=ippp1 OUT= MAC= > SRC=62.134.72.190 DST=213.122.60.116 LEN=288 TOS=0x00 PREC=0x00 TTL=114 > ID=28413 PROTO=UDP SPT=4288 DPT=135 LEN=268 > Jul 24 13:23:45 elgin kernel: SuSE-FW-DROP-DEFAULT IN=ippp1 OUT= MAC= > SRC=62.134.72.190 DST=213.122.60.116 LEN=108 TOS=0x00 PREC=0x00 TTL=114 > ID=28699 PROTO=UDP SPT=4288 DPT=135 LEN=88 > Jul 24 13:23:46 elgin kernel: SuSE-FW-DROP-DEFAULT IN=ippp1 OUT= MAC= > SRC=62.134.72.190 DST=213.122.60.116 LEN=108 TOS=0x00 PREC=0x00 TTL=114 > ID=29034 PROTO=UDP SPT=4288 DPT=135 LEN=88 > Jul 24 13:23:48 elgin kernel: SuSE-FW-DROP-DEFAULT IN=ippp1 OUT= MAC= > SRC=62.134.72.190 DST=213.122.60.116 LEN=108 TOS=0x00 PREC=0x00 TTL=114 > ID=29679 PROTO=UDP SPT=4288 DPT=135 LEN=88 > Jul 24 13:23:52 elgin kernel: SuSE-FW-DROP-DEFAULT IN=ippp1 OUT= MAC= > SRC=62.134.72.190 DST=213.122.60.116 LEN=108 TOS=0x00 PREC=0x00 TTL=114 > ID=31031 PROTO=UDP SPT=4288 DPT=135 LEN=88 > Jul 24 13:24:00 elgin kernel: SuSE-FW-DROP-DEFAULT IN=ippp1 OUT= MAC= > SRC=62.134.72.190 DST=213.122.60.116 LEN=108 TOS=0x00 PREC=0x00 TTL=114 > ID=33632 PROTO=UDP SPT=4288 DPT=135 LEN=88 > Jul 24 13:24:16 elgin kernel: SuSE-FW-DROP-DEFAULT IN=ippp1 OUT= MAC= > SRC=62.134.72.190 DST=213.122.60.116 LEN=116 TOS=0x00 PREC=0x00 TTL=114 > ID=38734 PROTO=UDP SPT=4288 DPT=135 LEN=96 > > A whois shows that the source IP is registered to someone in the People's > Republic of China. Before I go off half-cocked on this one, Has anyone any > idea what it might be about? I've done a google and spotted a virus alert > about HLLP.4288 but can't find a description, other than that it affects .COM > and .EXE (another good reason for avoiding microdog!). > > Of course, our friend in China might be a victim (if he's got the virus and > it's trying to contact other instances through the net). > > Anyone got any idea of what's going on or suggestions on my next step? > > Cheers, > > Colin > > _______________________________________________ > Scottish mailing list > [EMAIL PROTECTED] > http://mailman.lug.org.uk/mailman/listinfo/scottish > -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- Particle Physics (Theory & Experimental) Groups Dr Paul Millar Department of Physics and Astronomy [EMAIL PROTECTED] University of Glasgow [EMAIL PROTECTED] Glasgow, G12 8QQ, Scotland http://www.astro.gla.ac.uk/users/paulm +44 (0)141 330 4717 A54C A9FC 6A77 1664 2E4E 90E3 FFD2 704B BF0F 03E9 -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- -- _______________________________________________ Scottish mailing list [EMAIL PROTECTED] http://mailman.lug.org.uk/mailman/listinfo/scottish