On Saturday 30 November 2002 23:26, Lorne wrote:
> I am kind of confused. I just rebuilt my Mandrake security firewall. Snort
> didn't install correctly. It did on the second attempt. Now the system has
> been up for 4 hours approximately and it looks like perhaps I'm already in
> trouble!?!?!?!
> /snort/portscan.log:Nov 30 17:15:03 xxx.3.247.xxx:1024 -> 68.2.16.30:53 UDP
> /snort/portscan.log:Nov 30 17:15:03 xxx.3.247.xxx:1024 -> 68.2.16.30:53 UDP
> /snort/portscan.log:Nov 30 17:15:11 xxx.3.247.xxx:1024 -> 68.2.16.30:53 UDP
>
> The first IP address is me! According to Snort, I'm attacking this other
> address? This makes no sense to me. How could my box be compromised in less
> than 12 hours flat if it is set to high security? Incidentally that second
> IP is the one that has been attacking me, so my guess is I'm misreading
> this. ?? Help!

Judging by your e-mail address, your ISP is Cox, isn't it? If so, I wouldn't get
too excited over this "hack" if I were you. It looks to me like your system
is trying to communicate with your ISP's DNS server. You will probably want
to change your configuration to allow this traffic.

------
whois whois.arin.net 68.2.16.30:

Cox Communications Inc. COX-ATLANTA (NET-68-0-0-0-1) 
                                  68.0.0.0 - 68.15.255.255
Cox Communications, Inc PHRDC-68-2-0-0 (NET-68-2-0-0-1) 
                                  68.2.0.0 - 68.3.255.255

# ARIN Whois database, last updated 2002-11-30 19:05
# Enter ? for additional hints on searching ARIN's Whois database.
------

-- 
Tim C
[EMAIL PROTECTED]
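
One way to check the reading given in this reply, as an added example that is not part of the original thread: parse the portscan.log lines and separate lookups sent from the firewall to its own configured resolver on UDP port 53 from everything else. It assumes that 68.2.16.30 is listed as a nameserver in the firewall's resolv.conf; the function names, the labels and the extra sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Line shape as quoted in the thread: "Nov 30 17:15:03 SRC:SPORT -> DST:DPORT UDP",
# optionally prefixed by the file name that grep adds.
LINE_RE = re.compile(
    r"^(?:\S*portscan\.log:)?\w{3}\s+\d{1,2} \d\d:\d\d:\d\d "
    r"(?P<src>[^\s:]+):(?P<sport>\d+) -> "
    r"(?P<dst>[^\s:]+):(?P<dport>\d+) (?P<proto>\w+)"
)

def parse_resolvers(resolv_conf_text):
    """Collect nameserver addresses from resolv.conf-style text."""
    found = set()
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            found.add(fields[1])
    return found

def classify(line, local_addrs, resolvers):
    """Label one log line by direction and by whether it is a DNS lookup."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return "unparsed"
    if m["src"] not in local_addrs:
        return "inbound-review"
    if m["dst"] in resolvers and m["dport"] == "53" and m["proto"] == "UDP":
        return "dns-to-own-resolver"
    return "outbound-review"

def summarize(lines, local_addrs, resolvers):
    """Count how many log lines fall under each label."""
    return Counter(classify(l, local_addrs, resolvers) for l in lines)

# Assumption: the firewall's resolv.conf names the address seen in the log.
RESOLV_CONF = "# constructed sample\nnameserver 68.2.16.30\n"
LOCAL = {"xxx.3.247.xxx"}  # the poster's address, masked as in the thread
SAMPLE = [
    "/snort/portscan.log:Nov 30 17:15:03 xxx.3.247.xxx:1024 -> 68.2.16.30:53 UDP",
    "/snort/portscan.log:Nov 30 17:15:11 xxx.3.247.xxx:1024 -> 68.2.16.30:53 UDP",
    # Constructed lines below, not from the thread:
    "Nov 30 17:16:40 xxx.3.247.xxx:1031 -> 192.0.2.10:53 UDP",
    "Nov 30 17:17:02 198.51.100.7:4000 -> xxx.3.247.xxx:137 UDP",
    "-- log rotated --",
]

if __name__ == "__main__":
    for label, n in summarize(SAMPLE, LOCAL, parse_resolvers(RESOLV_CONF)).items():
        print(f"{n:3d}  {label}")
```

Lines labelled `outbound-review` are the ones worth a second look on a freshly built firewall, since they leave the box for a destination that is not a configured resolver.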

