I've just detected the following string of connection attempts at port 137
Sep 14 11:52:44 styx kernel: Packet log: input REJECT eth0 PROTO=17
169.254.11.163:137 206.180.199.194:137 L=78 S=0x00 I=50474 F=0x0000 T=109
(#45)
Sep 14 11:52:44 styx kernel: Packet log: input REJECT eth0 PROTO=17
24.216.1.31:137 206.180.199.194:137 L=78 S=0x00 I=50475 F=0x0000 T=109
(#45)
Sep 14 11:52:46 styx kernel: Packet log: input REJECT eth0 PROTO=17
10.0.0.1:137 206.180.199.194:137 L=78 S=0x00 I=50504 F=0x0000 T=109 (#45)
I am rather concerned with the source 10.0.0.1 packet coming into the
firewall on eth0. This is a local network packet yet appears to be
entering through the world-addressable interface on the firewall. There is
a string of attempts like this, always in this order... from 169... then
from 24... then from 10...
Is this malicious?
Thanks...
---------------------------------------------------
Every man is a moon; he has one side no one sees.
Mark Twain
---------------------------------------- 523/1424 -
Martin Krzywinski
System Administrator
Genome Sequence Center
BC Cancer Research Center
601 West 10th Avenue
Vancouver, BC V5Z 1L3
tel: (604) 415-7170
fax: (604) 415-7175
http://www.cigenomics.bc.ca
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to [EMAIL PROTECTED]
