29Jun2009 (UTC +8)

On Mon, Jun 29, 2009 at 09:41, Danny Ching<[email protected]> wrote:
> Is my network under attack?

It depends on how you define "attack".

If somebody is just scanning your network, doing reconnaissance work,
then it's just a precursor to an attack. An analogy I often use is that
scanning is simply "someone checking if your doors or windows are
open or locked." Now, if somebody is actively exploiting a
vulnerability found, then my analogy is "someone walked inside your
unlocked door" or "somebody climbed in your open window", and that is
an attack.

But if that same "scanning" work is drowning out everything on your
network with too many packets, making things unbearable or at least
disruptive, then you're being DoS'ed and that is an attack.

Based on your info below, I'm guessing you have a DLink router, and
someone is simply slow scanning your DSL. It happens all the time. Off
the top of my head, I don't know what UDP/21218 is for. Unless you
have a detailed packet capture, there is not enough info to chew on.

> I have the following log from my router.
>
> Monday June 29, 2009 09:33:59 Unrecognized attempt blocked from
> 212.118.142.74:25801 to x.x.x.x UDP:21218
> Monday June 29, 2009 09:33:59 Unrecognized attempt blocked from
> 202.161.75.110:19532 to x.x.x.x UDP:21218
> Monday June 29, 2009 09:34:00 Unrecognized attempt blocked from
> 142.165.130.226:35204 to x.x.x.x UDP:21218
> Monday June 29, 2009 09:34:00 Unrecognized attempt blocked from
> 80.184.5.226:19250 to x.x.x.x UDP:21218
> Monday June 29, 2009 09:34:02 Unrecognized attempt blocked from
> 212.118.142.74:25801 to x.x.x.x UDP:21218
> Monday June 29, 2009 09:34:02 Unrecognized attempt blocked from
> 93.86.218.101:59572 to x.x.x.x UDP:21218
> Monday June 29, 2009 09:34:04 Unrecognized attempt blocked from
> 80.184.5.226:19250 to x.x.x.x UDP:21218
> Monday June 29, 2009 09:34:05 Unrecognized attempt blocked from
> 212.118.142.74:25801 to x.x.x.x UDP:21218
> Monday June 29, 2009 09:34:06 Unrecognized attempt blocked from
> 82.134.233.161:60237 to x.x.x.x UDP:21218
> Monday June 29, 2009 09:34:08 Unrecognized attempt blocked from
> 86.97.151.93:63060 to x.x.x.x UDP:21218
>
> Anybody know why my port 21218 is so significant? What is it used for?


Drexx Laggui  -- CISA, CISSP, CFE Associate, ISO27001 LA, CCSI, CSA
http://www.laggui.com  ( Singapore / Manila / California )
Computer forensics; Penetration testing; QMS & ISMS developers; K-Transfer
PGP fingerprint = 6E62 A089 E3EA 1B93 BFB4  8363 FFEC 3976 FF31 8A4E
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph
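
A triage pass over the router log quoted in this thread, as an added example that is not part of the original messages: it strips the mail quoting, rejoins the wrapped entries and reports how many sources, destination ports and events per second are involved. The function names are hypothetical, and the log format is assumed from the quoted lines only.

```python
import re
from collections import Counter
from datetime import datetime

# First five entries of the log quoted in the thread, still wrapped and ">"-quoted.
SAMPLE = """\
> Monday June 29, 2009 09:33:59 Unrecognized attempt blocked from
> 212.118.142.74:25801 to x.x.x.x UDP:21218
> Monday June 29, 2009 09:33:59 Unrecognized attempt blocked from
> 202.161.75.110:19532 to x.x.x.x UDP:21218
> Monday June 29, 2009 09:34:00 Unrecognized attempt blocked from
> 142.165.130.226:35204 to x.x.x.x UDP:21218
> Monday June 29, 2009 09:34:00 Unrecognized attempt blocked from
> 80.184.5.226:19250 to x.x.x.x UDP:21218
> Monday June 29, 2009 09:34:02 Unrecognized attempt blocked from
> 212.118.142.74:25801 to x.x.x.x UDP:21218
"""

# Assumed entry layout: timestamp, fixed phrase, src ip:port, masked dst, PROTO:port.
ENTRY = re.compile(
    r"(\w+ \w+ \d{1,2}, \d{4} \d\d:\d\d:\d\d)\s+Unrecognized attempt blocked from\s+"
    r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+to\s+\S+\s+(UDP|TCP):(\d+)")

def parse(raw):
    """Strip mail quoting, match entries across wrapped lines, return dicts."""
    text = re.sub(r"^[ \t]*>[ \t]?", "", raw, flags=re.M)
    return [{"time": datetime.strptime(ts, "%A %B %d, %Y %H:%M:%S"),
             "src": src, "sport": int(sport), "proto": proto, "dport": int(dport)}
            for ts, src, sport, proto, dport in ENTRY.findall(text)]

def summarize(events):
    """Counts that separate low-rate probing from volume that could disrupt a link."""
    if not events:
        return {"events": 0}
    times = [e["time"] for e in events]
    span = (max(times) - min(times)).total_seconds() or 1.0  # avoid divide by zero
    endpoints = Counter((e["src"], e["sport"]) for e in events)
    return {
        "events": len(events),
        "distinct_sources": len({e["src"] for e in events}),
        "dest_ports": sorted({(e["proto"], e["dport"]) for e in events}),
        "events_per_second": round(len(events) / span, 2),
        # the same source ip:port seen more than once, i.e. retries from one socket
        "repeat_endpoints": {k: n for k, n in endpoints.items() if n > 1},
    }

if __name__ == "__main__":
    for key, value in summarize(parse(SAMPLE)).items():
        print(f"{key}: {value}")
```

Run over a full day of log rather than a few seconds, the same summary shows whether the rate stays this low or climbs toward something disruptive.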
