on 10/14/02 3:09 PM, [EMAIL PROTECTED] at [EMAIL PROTECTED] wrote:

> port 1433.. isn't that Citrix or more specifically the ICA
> protocol. Or was it VNC...
>
> joey

Not Citrix: that's 1494...

Dale Mirenda

> On Mon, 14 Oct 2002 23:29:42 +0200
> Jon Clausen <[EMAIL PROTECTED]> wrote:
>> Logged into a remote Dachstein box to check up on something else, and I
>> see huge amounts of denied packets in /var/log/messages...
>>
>> Connection attempts from f.x:
>>
>> 10.131.224.1:3 -> 62.243.222.62:1
>>   ^^unknown^^       ^^my remote^^
>>
>> I see a bunch of these from different IPs (that is, from port 3 to port
>> 1)... dunno what to make of that, but then there's this guy:
>>
>> # grep 65.82.107.120 $_ | nl
>> 1 Oct 14 15:05:56 skilderhus kernel: Packet log: input DENY eth0 PROTO=1 65.82.107.120:5 62.243.222.62:0 L=56 S=0x00 I=5685 F=0x0000 T=45 (#2)
>>
>> <continues in 'bursts' to:>
>> ...
>>
>> 164 Oct 14 15:06:07 skilderhus kernel: Packet log: input DENY eth0 PROTO=1 65.82.107.120:5 62.243.222.62:0 L=56 S=0x00 I=5866 F=0x0000 T=45 (#2)
>>
>> is this some kind of DoS? Am I under attack, or is it just some
>> misconfigured box?
>>
>> I nmapped the IP, and the only thing that came up was:
>> Port       State       Service
>> 1433/tcp   open        ms-sql-s
>>
>> -so I'm guessing it's a zombie windows host... (?)
>>
>> TIA
>>
>> Jon Clausen
>>
>> -------------------------------------------------------
>> This sf.net email is sponsored by:ThinkGeek
>> Welcome to geek heaven.
>> http://thinkgeek.com/sf
>> ------------------------------------------------------------------------
>> leaf-user mailing list: [EMAIL PROTECTED]
>> https://lists.sourceforge.net/lists/listinfo/leaf-user
>> SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
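An added example, not part of the original thread: a small parser for the ipchains "Packet log:" lines quoted above. It relies on the ipchains convention that for ICMP (PROTO=1) the two "port" fields carry the ICMP type and code; the first two sample lines are the ones quoted in the thread, the third is constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# ipchains "-l" log format, as in the lines quoted in the thread.
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<a>\d+) (?P<dst>[\d.]+):(?P<b>\d+) L=(?P<len>\d+)"
)
PROTO = {1: "icmp", 6: "tcp", 17: "udp"}
# Subset of the IANA ICMP type registry.
ICMP_TYPE = {0: "echo-reply", 3: "destination-unreachable", 4: "source-quench",
             5: "redirect", 8: "echo-request", 11: "time-exceeded"}

# First two lines are quoted in the thread; the third is constructed.
SAMPLE = [
    "Oct 14 15:05:56 skilderhus kernel: Packet log: input DENY eth0 PROTO=1 "
    "65.82.107.120:5 62.243.222.62:0 L=56 S=0x00 I=5685 F=0x0000 T=45 (#2)",
    "Oct 14 15:06:07 skilderhus kernel: Packet log: input DENY eth0 PROTO=1 "
    "65.82.107.120:5 62.243.222.62:0 L=56 S=0x00 I=5866 F=0x0000 T=45 (#2)",
    "Oct 14 15:07:01 fw kernel: Packet log: input DENY eth0 PROTO=6 "
    "192.0.2.10:4321 62.243.222.62:1433 L=48 S=0x00 I=100 F=0x4000 T=110 (#2)",
]

def parse_line(line):
    """Return a dict for one ipchains log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    proto = int(m["proto"])
    rec = {"chain": m["chain"], "action": m["action"], "iface": m["iface"],
           "proto": PROTO.get(proto, str(proto)),
           "src": m["src"], "dst": m["dst"], "length": int(m["len"])}
    a, b = int(m["a"]), int(m["b"])
    if proto == 1:
        # ICMP has no ports: ipchains logs type and code in those positions.
        rec.update(icmp_type=a, icmp_code=b,
                   icmp_name=ICMP_TYPE.get(a, "type-%d" % a))
    else:
        rec.update(sport=a, dport=b)
    return rec

def summarize(lines):
    """Count logged packets per (source, protocol, ICMP name or dest port)."""
    counts = Counter()
    for rec in filter(None, map(parse_line, lines)):
        counts[(rec["src"], rec["proto"], rec.get("icmp_name", rec.get("dport")))] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```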