Hi,

On Wed, 8 Nov 2006 18:36:09 +0100
Anders Johansson <.> wrote:

> > Oct 12 21:53:40 moorczy kernel: SuSE-FW-DROP-ICMP-CRIT IN=ppp0
> > SRC=210.6.34.56 DST=145.236.115.203 LEN=56 TOS=0x00 PREC=0x00 TTL=42
> > ID=15399 PROTO=ICMP TYPE=5 CODE=1 GATEWAY=210.6.33.94
> > [ SRC=145.236.115.203 DST=210.6.33.94 LEN=46 TOS=0x00 PREC=0x00 TTL=40
> > ID=63342 DF PROTO=UDP SPT=1029 DPT=23792 LEN=26 ]
> 
> This is an ICMP redirect, telling you that if you want to get to 210.6.33.94, 
> you need to use 210.6.33.94 as a gateway. It doesn't look like an attack 
> (hint: not everything dropped by your firewall is an 'attack') as much as a 
> misconfigured router (specifically the one with IP 210.6.34.56)

Yes, thank you; in fact that is why I asked, because I couldn't decide for sure
whether it's a real attack or not! Needless to say, this host in Hong Kong was
very likely never visited by me or my family. Probably a random try, or it was
supposed to go to the comp previously using "our" dynamic IP.

> > Oct 13 13:26:52 moorczy kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC=
> > SRC=192.168.1.10 DST=145.236.212.120 LEN=48 TOS=0x00 PREC=0x00 TTL=127
> > ID=15580 DF PROTO=TCP SPT=1270 DPT=139 WINDOWS=8192 RES=0x00 SYN
> > URGP=0 OPT (020405B401010402)
> 
> This is a standard Win98 style NETBIOS network browse.

Hmmm. I don't think that a Linux-only small network, hanging on a freenet
provider, would normally be contacted from outside with a 192.168.1.x-type
internal IP address.
But the fact is that every 20 seconds a kiddie or the like is knocking.

Regards,
 Pelibali