Tom,
Sorry this response is so late, but I haven't been paying much
attention to the list lately. This is actually semi-common.
Sometimes things are reported in numbers rather than words. It
looks like someone was trying to connect ( or did connect) to the
FTP port (21) on your system. I believe the order is : protocol,
originating port, destination port. So, in this case, it would be
ICMP from port 997 on their machine to port 21 on your
machine.The second one, however, is a little wierd. Protocol 2 is
IGMP. My guess would be that someone ran a port scan on you,
found port 21 open, then used IGMP packets to get an error
message from your system in order to determine the OS. OS
"fingerprinting" as it is called, is built into NMap, Nessus, and
is the sole purpose of QueSO.
FYI,
Kenny
Tom Rauschenbach wrote:
>
> I just saw this in my /var/log/messages. Am I under attack ?
>
> Aug 16 18:52:42 localhost identd[4337]: Connection from awpti.org
> Aug 16 18:52:42 localhost identd[4337]: from: 204.62.193.74 ( awpti.org ) for: 1
> 997, 21
>
> Aug 16 19:02:41 localhost identd[4468]: Connection from awpti.org
> Aug 16 19:02:45 localhost identd[4468]: from: 204.62.193.74 ( awpti.org ) for: 2
> 004, 21
>
> --
> Standard is better than better. If your web page cares what browser I'm using
> it's broken.
> [EMAIL PROTECTED]
>
> **********************************************************
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **********************************************************
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
