At 04:42 PM 2/8/00 -0800, you wrote:
>My LogCheck sent this to me, was wondering what exactly the attempt
>was, any ideas.
>
>Security Violations
>=-=-=-=-=-=-=-=-=-=
>Feb 8 16:03:59 scarieville kernel: IP_MASQ:reverse ICMP: failed
>checksum from
>216.68.170.159!
>
>Unusual System Events
>=-=-=-=-=-=-=-=-=-=-=
>Feb 8 16:03:59 scarieville kernel: IP_MASQ:reverse ICMP: failed
>checksum from
>216.68.170.159!
Could have been a winnuke attempt. Some winnukes exploit security holes and
bugs in 'doze's ICMP network support module; of course, when the losers who
sling them land one on a linux box instead of a 'doze box, not only don't
they crash their would-be victim's box, they leave nice little fingerprints
in the system log file with their IP address written all over it...
--
.*. "Clouds are not spheres, mountains are not cones, coastlines are not
-() < circles, and bark is not smooth, nor does lightning travel in a
`*' straight line." -------------------------------------------------
-- B. Mandelbrot |http://surf.to/pgd.net [EMAIL PROTECTED]
_____________________ ____|________ Paul Derbyshire
Programmer & Humanist|ICQ: 10423848|
