RE: Unusual logging

2002-03-21 Thread petes
new to ipchains any help would be appreciated. Regards Pete -Original Message- From: Noah L. Meyerhans [mailto:[EMAIL PROTECTED] Sent: Friday, 22 March 2002 11:27 AM To: Jay Kline Cc: Debian Security List Subject: Re: Unusual logging On Thu, Mar 21, 2002 at 06:12:02PM -0600, Jay Kline

Re: Unusual logging

2002-03-21 Thread Noah L. Meyerhans
On Thu, Mar 21, 2002 at 06:12:02PM -0600, Jay Kline wrote: > What seems odd to me is that the yyy IP is originating from such a low port > (3) which means the system is most likely not unix or windows (or at least > not standard apps), unless using some specific application. Anyone know of > one

Re: Unusual logging

2002-03-21 Thread Jay Kline
What seems odd to me is that the yyy IP is originating from such a low port (3) which means the system is most likely not unix or windows (or at least not standard apps), unless using some specific application. Anyone know of one that does this? If you want to be on the lookout for port scans,

Re: Unusual logging

2002-03-21 Thread Tim Haynes
[EMAIL PROTECTED] writes: > Packet log: input DENY eth0 PROTO=1 yyy.y.yy.yy:3 xxx.xx.xxx.xxx:13 L=56 > S=0x00 I=29688 F=0x T=244 (#30) > > It's the :13 part that I found unusual, A little research has revealed > that it may be an attempt to fingerprint our system to see what is > available. I

Unusual logging

2002-03-21 Thread petes
This has been appearing in our kern.log over the last 4 days. Never had a problem with this particular port before then. Nothing has been changed (AFAIK) to the system. It's Debian, we never have to touch it :-) Packet log: input DENY eth0 PROTO=1 yyy.y.yy.yy:3 xxx.xx.xxx.xxx:13 L=56 S=0x00 I=2968
