From: Alex Charalabidis (alexwnm.net)
Date: Wed May 02 2001 - 14:34:17 CDT

    On Tue, 1 May 2001, Everett F Batey wrote:

    > Dear FreeBSD Security Guru,
    >
    > I need some guidance. My employer with which I have had problems over
    > the past 5 years has suggested I (or my IP) am(/is) trying to attack
    > his IP space on UDP 111, and sent me the below attached log file.
    >
    > >
    > > May 1 07:19:51 209.239.229.90:111 -> 137.24.124.222:65422 UDP
    > > May 1 07:19:51 209.239.229.90:111 -> 137.24.124.222:65423 UDP

    Oddly enough, I got a virtually identical complaint today regarding
    traffic to a Dutch network we've never had transactions with before,
    apparently originating from an unassigned IP address that was briefly used
    by a Linux test machine on our network.

    I haven't had time to investigate myself but a colleague mentioned the
    possibility of something meant to confuse/overload IDS systems as a
    smokescreen for real attacks.

    -ac

    -- 
    ===================================================================
    Alex Charalabidis                           Worldspice Technologies
    5050 Poplar Ave.         Memphis, TN, USA           +1 901 432 6000
    Opinions expressed are mine alone but may be yours for a small fee.
    ===================================================================
    
