[olug] port scan from dns?????????
Vincent
vraffensberger at home.com
Thu Feb 15 04:35:50 UTC 2001
I wouldn't be concerned with it. It may be a misconfigured DNS server
or some feature if it's MS-DNS. Here are some nice fw rules I came across
today though:
http://www.linux.com/tuneup/database.phtml/Networking/2192.html
Mike McNally wrote:
>
> Do these lines that appeared in my kern.log immediately after going online indicate a little
> harmless intrusion from my dns IP: 198.83.19.241 initiated by my isp, or is it an attack?
> And how do you tell the difference? Thanks. I still need to get around to reading more from
> the ipchains HOWTO... but this set of denials was particularly long, so I'm a little concerned.
> Normally port 1025 is scanned, but I tried putting netcat on port 1025 and then the scan or
> whatever, from the dns would come in on 1026...????????? Thanks in advance.
>
> Feb 14 22:16:06 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.241:53 209.252.176.29:1025 L=120 S=0x00 I=10684 F=0x0000 T=26 (#13)
> Feb 14 22:16:11 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.244:53 209.252.176.29:1025 L=120 S=0x00 I=50131 F=0x0000 T=60 (#13)
> Feb 14 22:16:12 p120 kernel: Packet log: input DENY ppp0 PROTO=6 208.216.183.15:80 209.252.176.29:4634 L=48 S=0x00 I=21188 F=0x4000 T=52 (#13)
> Feb 14 22:16:16 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.241:53 209.252.176.29:1025 L=120 S=0x00 I=12157 F=0x0000 T=26 (#13)
> Feb 14 22:16:21 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.244:53 209.252.176.29:1025 L=120 S=0x00 I=44683 F=0x0000 T=26 (#13)
> Feb 14 22:16:26 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.241:53 209.252.176.29:1025 L=120 S=0x00 I=12004 F=0x0000 T=26 (#13)
> Feb 14 22:16:30 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.241:53 209.252.176.29:61000 L=191 S=0x00 I=13356 F=0x0000 T=26 (#13)
> Feb 14 22:16:35 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.244:53 209.252.176.29:61000 L=191 S=0x00 I=49453 F=0x0000 T=26 (#13)
> Feb 14 22:16:36 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.244:53 209.252.176.29:1025 L=120 S=0x00 I=17732 F=0x0000 T=26 (#13)
> Feb 14 22:16:41 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.241:53 209.252.176.29:61000 L=191 S=0x00 I=20223 F=0x0000 T=26 (#13)
> Feb 14 22:16:46 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.244:53 209.252.176.29:61000 L=191 S=0x00 I=21761 F=0x0000 T=26 (#13)
> Feb 14 22:16:46 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.241:53 209.252.176.29:1025 L=120 S=0x00 I=19504 F=0x0000 T=26 (#13)
> Feb 14 22:16:52 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.241:53 209.252.176.29:61000 L=191 S=0x00 I=21714 F=0x0000 T=26 (#13)
> Feb 14 22:16:59 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.244:53 209.252.176.29:61000 L=191 S=0x00 I=25246 F=0x0000 T=26 (#13)
> Feb 14 22:17:00 p120 kernel: Packet log: input DENY ppp0 PROTO=6 208.216.183.15:80 209.252.176.29:4634 L=48 S=0x00 I=31942 F=0x4000 T=52 (#13)
> Feb 14 22:17:06 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.244:53 209.252.176.29:1025 L=120 S=0x00 I=60611 F=0x0000 T=26 (#13)
> Feb 14 22:17:07 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.241:53 209.252.176.29:61000 L=191 S=0x00 I=39215 F=0x0000 T=26 (#13)
> Feb 14 22:17:17 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.244:53 209.252.176.29:61000 L=191 S=0x00 I=3248 F=0x0000 T=60 (#13)
> Feb 14 22:17:27 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.241:53 209.252.176.29:1025 L=207 S=0x00 I=2176 F=0x0000 T=26 (#13)
> Feb 14 22:17:28 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.241:53 209.252.176.29:61001 L=148 S=0x00 I=2695 F=0x0000 T=26 (#13)
> Feb 14 22:17:31 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.244:53 209.252.176.29:1025 L=207 S=0x00 I=32751 F=0x0000 T=26 (#13)
> Feb 14 22:17:33 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.244:53 209.252.176.29:61001 L=148 S=0x00 I=7596 F=0x0000 T=60 (#13)
> Feb 14 22:17:36 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.241:53 209.252.176.29:1025 L=207 S=0x00 I=5705 F=0x0000 T=26 (#13)
> Feb 14 22:17:39 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.241:53 209.252.176.29:61001 L=148 S=0x00 I=35970 F=0x0000 T=26 (#13)
> Feb 14 22:17:41 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.244:53 209.252.176.29:1025 L=207 S=0x00 I=7430 F=0x0000 T=26 (#13)
> Feb 14 22:17:44 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.244:53 209.252.176.29:61001 L=148 S=0x00 I=8460 F=0x0000 T=26 (#13)
> Feb 14 22:17:46 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.241:53 209.252.176.29:1025 L=207 S=0x00 I=49796 F=0x0000 T=26 (#13)
> Feb 14 22:17:50 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.241:53 209.252.176.29:61001 L=148 S=0x00 I=38907 F=0x0000 T=26 (#13)
> Feb 14 22:17:56 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.244:53 209.252.176.29:1025 L=207 S=0x00 I=52461 F=0x0000 T=26 (#13)
> Feb 14 22:17:57 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.244:53 209.252.176.29:61001 L=148 S=0x00 I=14166 F=0x0000 T=60 (#13)
> Feb 14 22:18:05 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.241:53 209.252.176.29:61001 L=148 S=0x00 I=49113 F=0x0000 T=26 (#13)
> Feb 14 22:18:07 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.241:53 209.252.176.29:1025 L=207 S=0x00 I=49649 F=0x0000 T=26 (#13)
> Feb 14 22:18:15 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.244:53 209.252.176.29:61001 L=148 S=0x00 I=45827 F=0x0000 T=26 (#13)
> Feb 14 22:18:26 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.244:53 209.252.176.29:1025 L=207 S=0x00 I=22149 F=0x0000 T=60 (#13)
> Feb 14 22:18:47 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.241:53 209.252.176.29:1025 L=158 S=0x00 I=29936 F=0x0000 T=26 (#13)
> --
>
> Mike McNally mmcnally3 at prodigy.net
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: olug-unsubscribe at bstc.net
> For additional commands, e-mail: olug-help at bstc.net
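One way to approach the "how do you tell the difference" question from the log itself, added here as an example (not code from either poster): group the denied packets by sender and count how many distinct local ports each one touched. The function names and the threshold of 10 ports are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# Six lines copied from the kern.log excerpt quoted in the message above.
SAMPLE = """\
Feb 14 22:16:06 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.241:53 209.252.176.29:1025 L=120 S=0x00 I=10684 F=0x0000 T=26 (#13)
Feb 14 22:16:11 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.244:53 209.252.176.29:1025 L=120 S=0x00 I=50131 F=0x0000 T=60 (#13)
Feb 14 22:16:12 p120 kernel: Packet log: input DENY ppp0 PROTO=6 208.216.183.15:80 209.252.176.29:4634 L=48 S=0x00 I=21188 F=0x4000 T=52 (#13)
Feb 14 22:16:30 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.241:53 209.252.176.29:61000 L=191 S=0x00 I=13356 F=0x0000 T=26 (#13)
Feb 14 22:17:28 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.241:53 209.252.176.29:61001 L=148 S=0x00 I=2695 F=0x0000 T=26 (#13)
Feb 14 22:17:33 p120 kernel: Packet log: input DENY ppp0 PROTO=17 198.83.19.244:53 209.252.176.29:61001 L=148 S=0x00 I=7596 F=0x0000 T=60 (#13)
"""

# ipchains log layout: chain, action, interface, PROTO=n, src:port, dst:port
LINE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)"
)
SCAN_PORT_THRESHOLD = 10  # assumption: illustrative cut-off, tune for your own logs

def parse(line):
    """Return the fields of one ipchains log line, or None if it is not one."""
    m = LINE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec

def summarise(lines):
    """Group DENY entries by (protocol, source IP, source port)."""
    flows = defaultdict(lambda: {"packets": 0, "dports": set()})
    for line in lines:
        rec = parse(line)
        if rec is None or rec["action"] != "DENY":
            continue
        flow = flows[(rec["proto"], rec["src"], rec["sport"])]
        flow["packets"] += 1
        flow["dports"].add(rec["dport"])
    return dict(flows)

def classify(key, stats):
    """Heuristic only: the sender chooses its source port, so this is a hint."""
    if len(stats["dports"]) >= SCAN_PORT_THRESHOLD:
        return "scan-like"   # one sender walking across many local ports
    if key[2] < 1024:
        return "reply-like"  # service port (53, 80) to a few local high ports
    return "unclassified"
```

Calling `summarise(SAMPLE.splitlines())` and passing each key and value to `classify` gives one verdict per sender.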