On 15 Jan 1999 [EMAIL PROTECTED] wrote:
> Just returned from dinner to find a hell of a lot of activity directed
> at my box. I'm including the log excerpts here. Don't know if this guy
> just picked me, or if he's on the rampage. Keep an eye out for
> him/her/it.
I also got similar scans from the same host. On a related note, I also got
a bunch (about 850) of udp port 138 (netbios-dgm) requests from a UT host,
dhcp-45-159.bus.utexas.edu. Is this just a misconfigured windows machine
or might it be indicative of some sort of probe/attack? I don't run samba
and most well known ports are blocked with ipfwadm so I'm not sure if I
should be concerned or even bother reporting it.
Jan 13 12:08:19 blue kernel: IP fw-in deny ppp0 UDP 146.6.45.159:138
128.83.253.115:138 L=386 S=0x00 I=30748 F=0x0000 T=125
[above repeated about once a minute until next entry...]
Jan 14 02:19:58 blue kernel: IP fw-in deny ppp0 UDP 146.6.45.159:138
128.83.253.115:138 L=386 S=0x00 I=63666 F=0x0000 T=125
__
-Peter Frouman | [EMAIL PROTECTED]
Zippy says:
I am covered with pure vegetable oil and I am writing a best seller!
---------------------------------------------------------------------------
Send administrative requests to [EMAIL PROTECTED]
