Here is an excerpt from my log file. I use IPCHAINS. Could this be someone
making connection attempts and spoofing their IP address? This is a
small sample, but there were multiple connection attempts from each IP
address. There are several distinct addresses. Within a 13-minute period,
these connections were from 4 different addresses. What can be gained by
the connection attempts they are trying? Connecting to port 17478, 6970,
and 3202.
Steve Cody
Dec 8 13:30:20 brimstone kernel: Packet log: input DENY eth1 PROTO=6
204.116.72.210:3721 12.24.136.3:17478 L=48 S=0x00 I=8451 F=0x4000 T=108
Dec 8 13:30:41 brimstone kernel: Packet log: input DENY eth1 PROTO=6
134.100.14.129:20 12.24.136.3:3202 L=44 S=0x08 I=56391 F=0x4000 T=233
Dec 8 13:30:53 brimstone kernel: Packet log: input DENY eth1 PROTO=6
134.100.14.129:20 12.24.136.3:3202 L=44 S=0x08 I=56393 F=0x4000 T=233
Dec 8 13:31:14 brimstone kernel: Packet log: input DENY eth1 PROTO=6
204.116.72.210:3722 12.24.136.3:17478 L=48 S=0x00 I=8707 F=0x4000 T=108
Dec 8 13:31:17 brimstone kernel: Packet log: input DENY eth1 PROTO=6
204.116.72.210:3722 12.24.136.3:17478 L=48 S=0x00 I=8963 F=0x4000 T=108
Dec 8 13:31:19 brimstone kernel: Packet log: input DENY eth1 PROTO=6
134.100.14.129:20 12.24.136.3:3202 L=44 S=0x08 I=56394 F=0x4000 T=233
Dec 8 13:31:23 brimstone kernel: Packet log: input DENY eth1 PROTO=6
204.116.72.210:3722 12.24.136.3:17478 L=48 S=0x00 I=11267 F=0x4000 T=108
Dec 8 13:31:35 brimstone kernel: Packet log: input DENY eth1 PROTO=6
204.116.72.210:3722 12.24.136.3:17478 L=48 S=0x00 I=11523 F=0x4000 T=108
Dec 8 13:32:06 brimstone kernel: Packet log: input DENY eth1 PROTO=6
134.100.14.129:20 12.24.136.3:3202 L=44 S=0x08 I=36709 F=0x4000 T=233
Dec 8 13:32:23 brimstone kernel: Packet log: input DENY eth1 PROTO=6
204.116.72.210:3724 12.24.136.3:17478 L=48 S=0x00 I=12035 F=0x4000 T=108
Dec 8 13:32:26 brimstone kernel: Packet log: input DENY eth1 PROTO=6
204.116.72.210:3724 12.24.136.3:17478 L=48 S=0x00 I=13315 F=0x4000 T=108
Dec 8 13:32:33 brimstone kernel: Packet log: input DENY eth1 PROTO=6
204.116.72.210:3724 12.24.136.3:17478 L=48 S=0x00 I=14595 F=0x4000 T=108
Dec 8 13:32:43 brimstone kernel: Packet log: input DENY eth1 PROTO=6
204.116.72.210:3724 12.24.136.3:17478 L=48 S=0x00 I=14851 F=0x4000 T=108
Dec 8 13:33:04 brimstone kernel: Packet log: input DENY eth1 PROTO=6
134.100.14.129:20 12.24.136.3:3202 L=44 S=0x08 I=27423 F=0x4000 T=233
Dec 8 13:40:25 brimstone kernel: Packet log: input DENY eth1 PROTO=17
166.49.72.189:1906 12.24.136.3:6970 L=282 S=0x00 I=23513 F=0x0000 T=57
Dec 8 13:40:25 brimstone kernel: Packet log: input DENY eth1 PROTO=17
166.49.72.189:1906 12.24.136.3:6970 L=272 S=0x00 I=23526 F=0x0000 T=57
Dec 8 13:43:13 brimstone kernel: Packet log: input DENY eth1 PROTO=17
128.11.18.26:1912 12.24.136.3:6970 L=346 S=0x00 I=21048 F=0x0000 T=54
Dec 8 13:43:13 brimstone kernel: Packet log: input DENY eth1 PROTO=17
128.11.18.26:1912 12.24.136.3:6970 L=336 S=0x00 I=21081 F=0x0000 T=54
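
An added example, not part of the original post: a small Python parser for the ipchains packet-log lines above that rejoins the mail-wrapped entries and groups the denied packets by source address, protocol and destination port. The field reading (L = length, S = TOS, I = IP ID, F = fragment field with 0x4000 as the Don't Fragment bit, T = TTL) follows the ipchains log format; the function names are illustrative and the sample is a subset of the lines in the post.

```python
import re
from collections import defaultdict

# Subset of the wrapped log lines from the post above, embedded so the block runs offline.
SAMPLE = """\
Dec 8 13:30:20 brimstone kernel: Packet log: input DENY eth1 PROTO=6
204.116.72.210:3721 12.24.136.3:17478 L=48 S=0x00 I=8451 F=0x4000 T=108
Dec 8 13:30:41 brimstone kernel: Packet log: input DENY eth1 PROTO=6
134.100.14.129:20 12.24.136.3:3202 L=44 S=0x08 I=56391 F=0x4000 T=233
Dec 8 13:31:14 brimstone kernel: Packet log: input DENY eth1 PROTO=6
204.116.72.210:3722 12.24.136.3:17478 L=48 S=0x00 I=8707 F=0x4000 T=108
Dec 8 13:40:25 brimstone kernel: Packet log: input DENY eth1 PROTO=17
166.49.72.189:1906 12.24.136.3:6970 L=282 S=0x00 I=23513 F=0x0000 T=57
"""

LINE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<len>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

def parse(text):
    """Rejoin mail-wrapped lines, then yield one dict per ipchains log entry."""
    joined = re.sub(r"\s*\n\s*", " ", text)   # wrapping split each entry in two
    for m in LINE.finditer(joined):
        rec = m.groupdict()
        for key in ("proto", "sport", "dport", "len", "id", "ttl"):
            rec[key] = int(rec[key])
        rec["frag"] = int(rec["frag"], 16)
        rec["df"] = bool(rec["frag"] & 0x4000)   # Don't Fragment bit
        yield rec

def summarize(records):
    """Group by (source, protocol, destination port)."""
    groups = defaultdict(lambda: {"count": 0, "sports": set(), "ttls": set()})
    for r in records:
        g = groups[(r["src"], PROTO_NAMES.get(r["proto"], str(r["proto"])), r["dport"])]
        g["count"] += 1
        g["sports"].add(r["sport"])
        g["ttls"].add(r["ttl"])
    return dict(groups)

if __name__ == "__main__":
    for (src, proto, dport), g in sorted(summarize(parse(SAMPLE)).items()):
        print(f"{src:16} {proto:4} dport={dport:<6} n={g['count']} "
              f"sports={sorted(g['sports'])} ttl={sorted(g['ttls'])}")
```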