RE: Am I being hacked ??

Fri, 16 Feb 2001 05:35:47 -0800 

Looks to me like your machine (202.85.188.98) is trying to send a multicast
packet to the 224 network, but your firewall is preventing it...  If you are
not running something which generates multicst packets, then it's possible
you've been hacked & the hacker has set up a daemon on your machine...

> -----Original Message-----
> From: Mark Lo [SMTP:[EMAIL PROTECTED]]
> Sent: Friday, February 16, 2001 8:26 AM
> To:   [EMAIL PROTECTED]
> Subject:      Am I being hacked ??
> 
> Hi,
> 
>       Am I being Hacked ??  What is wrong with the following log files.
> 
> >From my ipchains scripts:  I have the following:
> 
> ipchains -A output -i $external_interface -d $class_d_multicast -j REJECT
> -l
> 
> and in the log files: I have the following:
> 
> 
> Feb 14 15:40:35 dns1 kernel: Packet log: input REJECT eth0 PROTO=17
> 202.85.188.98:1985 224.0.0.2:1985 L=48 S=0xC0 I=0 F=0x0000 T=2 (#13) 
> 
> Feb 14 15:40:36 dns1 kernel: Packet log: input REJECT eth0 PROTO=89
> 202.85.188.99:65535 224.0.0.5:65535 L=64 S=0xC0 I=34913 F=0x0000 T=1 (#13)
> 
> 
> Feb 14 15:40:37 dns1 kernel: Packet log: input REJECT eth0 PROTO=17
> 202.85.188.99:1985 224.0.0.2:1985 L=48 S=0xC0 I=0 F=0x0000 T=2 (#13) 
> 
> Feb 14 15:40:37 dns1 kernel: Packet log: input REJECT eth0 PROTO=89
> 202.85.188.99:65535 224.0.0.5:65535 L=68 S=0xC0 I=34928 F=0x0000 T=1 (#13)
> 
> 
> Feb 14 15:40:38 dns1 kernel: Packet log: input REJECT eth0 PROTO=17
> 202.85.188.98:1985 224.0.0.2:1985 L=48 S=0xC0 I=0 F=0x0000 T=2 (#13) 
> 
> Feb 14 15:40:38 dns1 kernel: Packet log: input REJECT eth0 PROTO=89
> 202.85.188.98:65535 224.0.0.5:65535 L=68 S=0xC0 I=18740 F=0x0000 T=1 (#13)
> 
> 
> Feb 14 15:40:39 dns1 kernel: Packet log: input REJECT eth0 PROTO=17
> 202.85.188.99:1985 224.0.0.2:1985 L=48 S=0xC0 I=0 F=0x0000 T=2 (#13) 
> 
> Feb 14 15:40:40 dns1 kernel: Packet log: input REJECT eth0 PROTO=17
> 202.85.188.98:1985 224.0.0.2:1985 L=48 S=0xC0 I=0 F=0x0000 T=2 (#13) 
> 
> Feb 14 15:40:42 dns1 kernel: Packet log: input REJECT eth0 PROTO=17
> 202.85.188.99:1985 224.0.0.2:1985 L=48 S=0xC0 I=0 F=0x0000 T=2 (#13) 
> 
> Feb 14 15:40:43 dns1 kernel: Packet log: input REJECT eth0 PROTO=17
> 202.85.188.98:1985 224.0.0.2:1985 L=48 S=0xC0 I=0 F=0x0000 T=2 (#13) 
>   .. .
>   ....
> . ...
> 
> _______________________________________________
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list

Reply via email to