Seems like a normal port scan, like the one ShieldsUP does.....
On 08 Apr 2003 11:52:50 +0100 Ricardo Sousa <[EMAIL PROTECTED]> wrote:
> Hi. I'm getting some alerts in my log files, and I'm getting worried.
> The logs look something like this:
>
> In /var/log/syslog, I'm getting this:
>
> Apr 8 01:01:37 zeus kernel: DENIED PORT:IN=eth1 OUT= MAC=xyz
> SRC=y.y.y.y DST=x.x.x.x. LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=5462 DF
> PROTO=TCP SPT=2276 DPT=6001 WINDOW=16384 RES=0x00 SYN URGP=0
>
> Apr 8 01:01:37 zeus kernel: DENIED PORT:IN=eth1 OUT= MAC=xyz
> SRC=y.y.y.y DST=x.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=5465 DF
> PROTO=TCP SPT=2279 DPT=12345 WINDOW=16384 RES=0x00 SYN URGP=0
>
> Apr 8 01:01:37 zeus kernel: DENIED PORT:IN=eth1 OUT= MAC=xyz
> SRC=y.y.y.y DST=x.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=5466 DF
> PROTO=TCP SPT=2280 DPT=20034 WINDOW=16384 RES=0x00 SYN URGP=0
>
> Apr 8 01:01:37 zeus kernel: DENIED PORT:IN=eth1 OUT= MAC=xyz
> SRC=y.y.y.y DST=x.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=5468 DF
> PROTO=TCP SPT=2282 DPT=27374 WINDOW=16384 RES=0x00 SYN URGP=0
>
> It seems that my firewall is blocking some scans =), but then in my
> /var/log/auth.log I get this:
>
> Apr 8 01:08:37 zeus sshd[9972]: warning: /etc/hosts.deny, line 15:
> can't verify hostname: gethostbyname(ip.domain.pt) failed
> Apr 8 01:08:37 zeus sshd[9972]: refused connect from 212.113.170.192
> Apr 8 01:09:06 zeus sshd[1600]: warning: /etc/hosts.deny, line 15:
> can't verify hostname: gethostbyname(ip.domain.pt) failed
> Apr 8 01:09:06 zeus sshd[1600]: refused connect from 212.113.170.192
>
> Well, what is this attack (I think that I can call it that) trying to
> do?
> Thanks in advance,
> Ricardo
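
Added example, not part of the original thread: one way to confirm from the firewall log that lines like those quoted above are a port scan is to group the denied SYN packets by source and flag any source that probes several distinct destination ports within a short window. The function names, the thresholds, the assumed year and the sample addresses (documentation ranges standing in for y.y.y.y and x.x.x.x) are assumptions made for this sketch.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

STAMP = re.compile(r"^(\w{3})\s+(\d+)\s+(\d\d:\d\d:\d\d)")
FIELD = re.compile(r"(\w+)=(\S*)")

# Constructed sample modelled on the quoted syslog lines; 192.0.2.10 and
# 198.51.100.5 are documentation addresses, and the last line is an unrelated hit.
SAMPLE = """\
Apr 8 01:01:37 zeus kernel: DENIED PORT:IN=eth1 OUT= MAC=xyz SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=5462 DF PROTO=TCP SPT=2276 DPT=6001 WINDOW=16384 RES=0x00 SYN URGP=0
Apr 8 01:01:37 zeus kernel: DENIED PORT:IN=eth1 OUT= MAC=xyz SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=5465 DF PROTO=TCP SPT=2279 DPT=12345 WINDOW=16384 RES=0x00 SYN URGP=0
Apr 8 01:01:37 zeus kernel: DENIED PORT:IN=eth1 OUT= MAC=xyz SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=5466 DF PROTO=TCP SPT=2280 DPT=20034 WINDOW=16384 RES=0x00 SYN URGP=0
Apr 8 01:01:37 zeus kernel: DENIED PORT:IN=eth1 OUT= MAC=xyz SRC=192.0.2.10 DST=198.51.100.5 LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=5468 DF PROTO=TCP SPT=2282 DPT=27374 WINDOW=16384 RES=0x00 SYN URGP=0
Apr 8 01:03:10 zeus kernel: DENIED PORT:IN=eth1 OUT= MAC=xyz SRC=203.0.113.7 DST=198.51.100.5 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=811 DF PROTO=TCP SPT=40112 DPT=22 WINDOW=16384 RES=0x00 SYN URGP=0
"""

def parse(line, year=2003):
    """Return (time, src, dport) for a denied bare-SYN TCP line, else None."""
    m, kv, flags = STAMP.match(line), dict(FIELD.findall(line)), line.split()
    if not m or "SRC" not in kv or not kv.get("DPT", "").isdigit():
        return None
    if kv.get("PROTO") != "TCP" or "SYN" not in flags or "ACK" in flags:
        return None
    # syslog omits the year, so it is supplied by the caller (assumed here)
    ts = datetime.strptime(f"{m[1]} {m[2]} {m[3]} {year}", "%b %d %H:%M:%S %Y")
    return ts, kv["SRC"], int(kv["DPT"])

def find_scanners(lines, min_ports=4, window=timedelta(seconds=60)):
    """Map each source that hit >= min_ports distinct ports within window."""
    events = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        events[rec[1]].append((rec[0], rec[2]))
    hits = {}
    for src, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward in time
            ports = {p for _, p in evs[start:end + 1]}
            if len(ports) >= min_ports:
                hits[src] = sorted(ports)
                break
    return hits

if __name__ == "__main__":
    print(find_scanners(SAMPLE.splitlines()))
```

The sshd lines from auth.log are skipped by `parse` because they carry no SRC/DPT fields; correlating them with the scan source would need the real addresses, which the post masks.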