Second, this seems a bit more focused than an ordinary port scan, but that you (assuming 63.206.196.108 is "you", something you don't actually mention) are being scanned is a good guess. The TCP ports involved are 80, 8080, 81, and 8081 (all common ports to run an http server on), 23 (telnet), 6667 (an IRC port), and 3128 (Squid) ... all excellent candidates for attacks (I don't actually know any Squid vulnerabilities, but there are common exploits for the others).
The source address seems to be associated with dal.net, a big IRC provider. You They've been around for a long time, and way back when, they had a solid reputation. It might be worth calling this to their attention.
Of course, all of this is somewhat of a guess, since aside from the log entries themselves, I know nothing about your configuration, includng what services you actually run.
At 01:34 PM 10/17/02 -0700, Mark Ivey wrote:
I pulled these log entries out of the weblet. What was being attempted here? Is this a simple port scan? Anything to be concerned about?-Mark Ivey- Bering LEAF Firewall ::hits caused by 66.28.140.212:: Oct 17 07:58:38 firewall kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=66.28.140.212 DST=63.206.196.108 LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=51200 DF PROTO=TCP SPT=2022 DPT=1080 WINDOW=57344 RES=0x00 SYN URGP=0
[rest deleted] -- -------------------------------------------"Never tell me the odds!"-------- Ray Olszewski -- Han Solo Palo Alto, California, USA [EMAIL PROTECTED] ------------------------------------------------------------------------------- ------------------------------------------------------- This sf.net email is sponsored by: viaVerio will pay you up to $1,000 for every account that you consolidate with us. http://ad.doubleclick.net/clk;4749864;7604308;v? http://www.viaverio.com/consolidator/osdn.cfm ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
