I haven't had much of a firewall set up (laziness coupled with too
little time), but I added a few lines to ipchains the other day, mostly
a set that blocked 192.168.x.x from outside the network.  Lo! and
behold!  I get these interesting entries that suggest my system has been
compromised.  The attached text is from syslog, and has been repeated,
along with other variants, ever since I added those lines.

What should I do now?  There is no obvious way in which my system has
been affected, but I notice that these entries use the bootp ports
(67 and 68), so I am quite suspicious.

Any ideas would be most helpful.

Sorry for using an attachment -- I still haven't gotten around to
jettisoning Netscape and using a proper mail system.  Maybe security
ought to come first?

TIA

Cam


-- 
Cam Ellison Ph.D. R.Psych.
From Roberts Creek on B.C.'s incomparable Sunshine Coast
[EMAIL PROTECTED]
[EMAIL PROTECTED]

Jun 13 16:44:28 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.177.11:67 255.255.255.255:68 L=328 S=0x00 I=48460 F=0x0000 T=128 (#1)
Jun 13 16:44:28 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.177.10:67 255.255.255.255:68 L=328 S=0x00 I=20131 F=0x0000 T=128 (#1)
Jun 13 16:50:13 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.177.11:67 255.255.255.255:68 L=328 S=0x00 I=7509 F=0x0000 T=128 (#1)
Jun 13 16:50:13 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.177.10:67 255.255.255.255:68 L=328 S=0x00 I=26278 F=0x0000 T=128 (#1)
Jun 13 17:03:38 treehouse -- MARK --
Jun 13 17:08:47 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.0.1:5005 255.255.255.255:5005 L=44 S=0x00 I=27137 F=0x0000 T=128 (#1)
Jun 13 17:23:38 treehouse -- MARK --
Jun 13 17:41:33 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.190.3:1052 255.255.255.255:38293 L=44 S=0x00 I=46693 F=0x0000 T=32 (#1)
Jun 13 17:41:33 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.190.3:1052 255.255.255.255:38293 L=44 S=0x00 I=46949 F=0x0000 T=32 (#1)
Jun 13 17:41:33 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.190.3:1052 255.255.255.255:38293 L=44 S=0x00 I=47717 F=0x0000 T=32 (#1)
Jun 13 17:41:33 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.190.3:1052 255.255.255.255:38293 L=44 S=0x00 I=47973 F=0x0000 T=32 (#1)
Jun 13 17:41:33 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.190.3:1052 255.255.255.255:38293 L=44 S=0x00 I=48741 F=0x0000 T=32 (#1)
Jun 13 17:41:33 treehouse kernel: Packet log: eth-in DENY eth1 PROTO=17 192.168.190.3:1052 255.255.255.255:38293 L=44 S=0x00 I=48997 F=0x0000 T=32 (#1)