TCP 111, TCP 515, TCP 12345 are all well-known hacks.  It looks like you've been scanned for these hacks by some script kiddies.  Sure is enough to wake you up, though.  TCP 111 is RPC.  TCP 515 is LPD, TCP 12345 is some sort of trojan, I think NetBus.  For more information on these hacks, check out http://www.securityfocus.com and search on these ports.  You want to look up who owns these address ranges (at www.arin.net) and email the people in charge of their security issues.  Include the logs, etc. and voice your concerns.  Don't expect an answer, but you may receive one.  Either way, the incident is noted and you've pretty much done all you can do.  You most likely have not been hacked, but this is intrusive behavior and needs to be addressed.

"MW Chang (linuxisum)" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
07/07/2001 06:24 PM ZE8
Please respond to linux-users

To: Linux Users <[EMAIL PROTECTED]>
cc:
bcc:
Subject: what's happening?


Was I being hacked or was it a false alarm?
I have rc.firewall.hundley and portsentry running.

I noticed the most recent one is from networksolutions.com,
puzzling...
Jul  1 22:31:06 server kernel: Packet log: input REJECT ppp0 PROTO=6  211.180.221.73:1099   203.198.21.135:111   L=60 S=0x00 I=31690 F=0x4000 T=51 SYN (#42)
Jul  1 22:38:46 server kernel: Packet log: input REJECT ppp0 PROTO=6  195.134.35.145:2580   203.198.21.135:111   L=60 S=0x00 I=44490 F=0x4000 T=46 SYN (#42)
Jul  1 23:31:56 server kernel: Packet log: input REJECT ppp0 PROTO=6  202.178.237.174:3649  203.198.21.135:111   L=60 S=0x00 I=46517 F=0x4000 T=48 SYN (#42)
Jul  2 18:08:29 server kernel: Packet log: input REJECT ppp0 PROTO=6  202.123.202.130:4988  207.176.120.50:515   L=60 S=0x00 I=19882 F=0x4000 T=58 SYN (#42)
Jul  3 21:38:35 server kernel: Packet log: input REJECT ppp0 PROTO=6  140.136.215.121:1047  168.70.138.114:515   L=60 S=0x00 I=10523 F=0x4000 T=40 SYN (#42)
Jul  4 09:50:24 server kernel: Packet log: input REJECT ppp0 PROTO=6  146.96.245.5:4799     205.252.149.112:111  L=60 S=0x00 I=45070 F=0x4000 T=48 SYN (#42)
Jul  4 20:03:01 server kernel: Packet log: input REJECT ppp0 PROTO=17 168.70.138.162:1037   168.70.138.168:22    L=30 S=0x00 I=38152 F=0x0000 T=127 (#42)
Jul  4 22:21:08 server kernel: Packet log: input REJECT ppp0 PROTO=6  203.227.135.24:4008   203.198.134.153:111  L=60 S=0x00 I=25023 F=0x4000 T=53 SYN (#42)
Jul  5 11:34:24 server kernel: Packet log: input REJECT ppp1 PROTO=17 203.198.169.55:1378   168.70.143.74:5632   L=30 S=0x00 I=42061 F=0x0000 T=124 (#42)
Jul  5 13:54:35 server kernel: Packet log: input REJECT ppp1 PROTO=6  61.140.60.25:80       168.70.143.74:45636  L=40 S=0x00 I=14046 F=0x4000 T=52 (#42)
Jul  5 18:55:49 server kernel: Packet log: input REJECT ppp0 PROTO=6  202.128.136.98:2700   203.198.134.2:111    L=60 S=0x00 I=60061 F=0x4000 T=53 SYN (#42)
Jul  5 19:18:20 server kernel: Packet log: input REJECT ppp0 PROTO=6  211.252.190.116:4196  203.198.134.2:111    L=60 S=0x00 I=48301 F=0x4000 T=48 SYN (#42)
Jul  6 10:12:11 server kernel: Packet log: input REJECT ppp0 PROTO=6  61.129.64.5:2927      203.198.21.185:515   L=60 S=0x00 I=34473 F=0x4000 T=51 SYN (#42)
Jul  6 12:20:59 server kernel: Packet log: input REJECT ppp0 PROTO=6  203.144.255.146:4563  203.198.21.185:111   L=60 S=0x00 I=62321 F=0x4000 T=46 SYN (#42)
Jul  6 12:47:18 server kernel: Packet log: input REJECT ppp0 PROTO=6  210.180.202.200:4632  203.198.21.185:111   L=60 S=0x00 I=50939 F=0x4000 T=49 SYN (#42)
Jul  6 13:50:18 server kernel: Packet log: input REJECT ppp0 PROTO=6  203.198.228.185:2371  203.198.21.185:12345 L=48 S=0x00 I=48417 F=0x4000 T=125 SYN (#11)
Jul  6 14:27:07 server kernel: Packet log: input REJECT ppp0 PROTO=6  203.227.135.24:4608   203.198.21.185:111   L=60 S=0x00 I=60772 F=0x4000 T=53 SYN (#42)
Jul  6 15:55:17 server kernel: Packet log: input REJECT ppp0 PROTO=6  194.102.253.41:3224   203.198.21.185:111   L=60 S=0x00 I=52498 F=0x4000 T=42 SYN (#42)
Jul  6 18:36:04 server kernel: Packet log: input REJECT ppp0 PROTO=6  211.0.60.2:1954       203.198.21.185:111   L=60 S=0x00 I=17002 F=0x4000 T=40 SYN (#42)
Jul  7 10:24:57 server kernel: Packet log: input REJECT ppp0 PROTO=6  203.198.108.163:2738  168.70.138.6:12345   L=48 S=0x00 I=3634  F=0x4000 T=125 SYN (#11)
Jul  7 17:18:17 server kernel: Packet log: input REJECT ppp0 PROTO=6  202.128.136.98:1698   203.198.134.194:111  L=60 S=0x00 I=38352 F=0x4000 T=54 SYN (#42)
Jul  7 18:02:23 server kernel: Packet log: input REJECT ppp0 PROTO=6  211.105.222.13:2766   203.198.134.194:111  L=60 S=0x00 I=25843 F=0x4000 T=53 SYN (#42)
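
Added example, not part of the original thread: a small parser for the ipchains "Packet log:" lines shown above that groups rejected TCP SYNs by destination port and lists sources that probed more than once, which is the summary worth attaching to an abuse report. The function names and the `REPLY_LABELS` table are illustrative; the labels are the ones given in the reply.

```python
import re
from collections import Counter, defaultdict
# Field layout of an ipchains "Packet log:" line, as seen in the posted log.
LINE_RE = re.compile(
    r"Packet log: \S+ \S+ \S+ PROTO=(?P<proto>\d+)\s+(?P<src>[\d.]+):\d+\s+"
    r"(?P<dst>[\d.]+):(?P<dport>\d+)\s.*?T=\d+\s*(?P<syn>SYN)?\s*\(#\d+\)"
)
# Service labels as stated in the reply (this table's name is illustrative).
REPLY_LABELS = {111: "RPC", 515: "LPD", 12345: "trojan (NetBus per the reply)"}

# Lines taken from the posted log, whitespace condensed.
SAMPLE = """\
Jul  1 22:31:06 server kernel: Packet log: input REJECT ppp0 PROTO=6 211.180.221.73:1099 203.198.21.135:111 L=60 S=0x00 I=31690 F=0x4000 T=51 SYN (#42)
Jul  2 18:08:29 server kernel: Packet log: input REJECT ppp0 PROTO=6 202.123.202.130:4988 207.176.120.50:515 L=60 S=0x00 I=19882 F=0x4000 T=58 SYN (#42)
Jul  4 20:03:01 server kernel: Packet log: input REJECT ppp0 PROTO=17 168.70.138.162:1037 168.70.138.168:22 L=30 S=0x00 I=38152 F=0x0000 T=127 (#42)
Jul  4 22:21:08 server kernel: Packet log: input REJECT ppp0 PROTO=6 203.227.135.24:4008 203.198.134.153:111 L=60 S=0x00 I=25023 F=0x4000 T=53 SYN (#42)
Jul  5 13:54:35 server kernel: Packet log: input REJECT ppp1 PROTO=6 61.140.60.25:80 168.70.143.74:45636 L=40 S=0x00 I=14046 F=0x4000 T=52 (#42)
Jul  6 13:50:18 server kernel: Packet log: input REJECT ppp0 PROTO=6 203.198.228.185:2371 203.198.21.185:12345 L=48 S=0x00 I=48417 F=0x4000 T=125 SYN (#11)
Jul  6 14:27:07 server kernel: Packet log: input REJECT ppp0 PROTO=6 203.227.135.24:4608 203.198.21.185:111 L=60 S=0x00 I=60772 F=0x4000 T=53 SYN (#42)
""".splitlines()

def parse(line):
    """Return the fields of a packet log entry, or None for any other line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["proto"], rec["dport"] = int(rec["proto"]), int(rec["dport"])
    rec["syn"] = rec["syn"] is not None
    return rec

def tcp_syns(lines):
    """Keep only TCP (PROTO=6) entries with SYN set: new connection attempts."""
    return [r for r in map(parse, lines) if r and r["proto"] == 6 and r["syn"]]

def probes_by_port(lines):
    """Map destination port -> set of source addresses that sent a SYN to it."""
    out = defaultdict(set)
    for rec in tcp_syns(lines):
        out[rec["dport"]].add(rec["src"])
    return dict(out)

def repeat_sources(lines):
    """Sources seen in more than one rejected SYN."""
    counts = Counter(r["src"] for r in tcp_syns(lines))
    return sorted(s for s, n in counts.items() if n > 1)

if __name__ == "__main__":
    for port, srcs in sorted(probes_by_port(SAMPLE).items()):
        print(port, REPLY_LABELS.get(port, "unlabelled"), sorted(srcs))
```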
