From: Wieland Gmeiner (e8607062 student.tuwien.ac.at)
Date: Wed Aug 08 2001 - 19:40:58 CDT
Dear List!
For a week now, my /var/log/firewall and /var/log/messages
have been filled with messages like:
Aug 1 22:10:05 w1 kernel: Packet log: input DENY eth0
PROTO=6 211.180.162.4:1160 my.ip.adr.ess:80 L=48 S=0x00
I=30700 F=0x4000 T=102 SYN (#45)
[...]
Aug 1 23:05:20 w1 kernel: Packet log: input DENY eth0
PROTO=6 66.121.126.100:56329 my.ip.adr.ess:80 L=48 S=0x00
I=3174 F=0x4000 T=110 SYN (#45)
[...]
Aug 1 23:08:05 w1 kernel: Packet log: output DENY eth0
PROTO=1 my.ip.adr.ess:3 195.34.133.10:3 L=197 S=0xC0 I=0
F=0x4000 T=255 (#3)
[...]
Aug 2 02:10:54 w1 kernel: Packet log: input DENY eth0
PROTO=6 24.4.21.38:17866 my.ip.adr.ess:6346 L=48 S=0x00
I=39364 F=0x4000 T=112 SYN (#45)
Aug 2 02:10:54 w1 kernel: Packet log: input DENY eth0
PROTO=6 209.242.202.196:1774 my.ip.adr.ess:6346 L=48
S=0x00 I=45860 F=0x4000 T=108 SYN (#45)
Aug 2 02:10:55 w1 kernel: Packet log: input DENY eth0
PROTO=6 209.180.113.163:1041 my.ip.adr.ess:6346 L=48
S=0x00 I=47104 F=0x4000 T=108 SYN (#45)
[...]
Aug 2 16:38:12 w1 kernel: Packet log: input ACCEPT eth0
PROTO=1 194.133.14.51:8 my.ip.adr.ess:0 L=1500 S=0x00
I=46353 F=0x4000 T=239 (#7)
[...]
Aug 9 00:44:28 w1 kernel: Packet log: input DENY eth0
PROTO=6 62.178.73.229:2158 my.ip.adr.ess:80 L=48 S=0x00
I=22362 F=0x4000 T=124 SYN (#45)
Aug 9 00:44:34 w1 kernel: Packet log: input DENY eth0
PROTO=6 62.178.73.229:2158 my.ip.adr.ess:80 L=48 S=0x00
I=22806 F=0x4000 T=124 SYN (#45)
Aug 9 00:54:19 w1 kernel: Packet log: input DENY eth0
PROTO=6 62.178.6.213:3155 my.ip.adr.ess:80 L=48 S=0x00
I=46114 F=0x4000 T=124 SYN (#45)
Aug 9 00:54:22 w1 kernel: Packet log: input DENY eth0
PROTO=6 62.178.6.213:3155 my.ip.adr.ess:80 L=48 S=0x00
I=46321 F=0x4000 T=124 SYN (#45)
[...]
By far most of them (and there are plenty) are of the type
... input DENY eth0 PROTO=6 some.foreign.ip.address:some_port
my.ip.adr.ess:another_port ... SYN ...
Does this mean I'm being scanned?
Could one of you be so kind as to explain their meaning to me
or point me to an explanation?
I am running a single Linux box with SuSE 7.2/2.2.4, SuSEfirewall
installed.
Thanks in advance,
Wieland
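
For reading entries like the ones quoted in this post, the following is an added example (not part of the original message or of SuSEfirewall) that parses ipchains "Packet log" lines and groups denied inbound SYNs by destination port, counting a retransmitted SYN from the same source address and port only once. It assumes each entry has been unwrapped onto one line; the sample lines (documentation addresses) and all function names are constructed for illustration. For PROTO=1 entries, ipchains prints the ICMP type and code in the two port fields.

```python
import re
from collections import defaultdict

# One ipchains (2.2 kernel) "Packet log" entry, unwrapped onto a single line.
ENTRY = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>\S+):(?P<sport>\d+) "
    r"(?P<dst>\S+):(?P<dport>\d+) .*?T=(?P<ttl>\d+)"
    r"(?P<syn> SYN)? \(#(?P<rule>\d+)\)")

# Constructed sample using documentation addresses; not the poster's log.
SAMPLE = """\
Aug  1 22:10:05 w1 kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.4:1160 203.0.113.9:80 L=48 S=0x00 I=30700 F=0x4000 T=102 SYN (#45)
Aug  1 23:05:20 w1 kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.100:56329 203.0.113.9:80 L=48 S=0x00 I=3174 F=0x4000 T=110 SYN (#45)
Aug  1 23:08:05 w1 kernel: Packet log: output DENY eth0 PROTO=1 203.0.113.9:3 192.0.2.10:3 L=197 S=0xC0 I=0 F=0x4000 T=255 (#3)
Aug  2 02:10:54 w1 kernel: Packet log: input DENY eth0 PROTO=6 192.0.2.38:17866 203.0.113.9:6346 L=48 S=0x00 I=39364 F=0x4000 T=112 SYN (#45)
Aug  2 16:38:12 w1 kernel: Packet log: input ACCEPT eth0 PROTO=1 192.0.2.51:8 203.0.113.9:0 L=1500 S=0x00 I=46353 F=0x4000 T=239 (#7)
Aug  9 00:44:28 w1 kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.229:2158 203.0.113.9:80 L=48 S=0x00 I=22362 F=0x4000 T=124 SYN (#45)
Aug  9 00:44:34 w1 kernel: Packet log: input DENY eth0 PROTO=6 198.51.100.229:2158 203.0.113.9:80 L=48 S=0x00 I=22806 F=0x4000 T=124 SYN (#45)
"""

def parse(text):
    """Yield one dict per ipchains log entry; lines that do not match are skipped."""
    for line in text.splitlines():
        m = ENTRY.search(line)
        if m:
            e = m.groupdict()
            e["syn"] = e["syn"] is not None
            for key in ("proto", "sport", "dport", "ttl", "rule"):
                e[key] = int(e[key])
            yield e

def denied_syn_summary(text):
    """Per destination port: distinct sources and distinct connection attempts
    among denied inbound TCP SYNs (a retried SYN repeats src address and port)."""
    attempts = defaultdict(set)
    for e in parse(text):
        if (e["chain"], e["target"], e["proto"], e["syn"]) == ("input", "DENY", 6, True):
            attempts[e["dport"]].add((e["src"], e["sport"]))
    return {port: {"sources": len({src for src, _ in seen}), "attempts": len(seen)}
            for port, seen in attempts.items()}

def icmp_entries(text):
    """(chain, target, ICMP type, ICMP code) for PROTO=1 entries."""
    return [(e["chain"], e["target"], e["sport"], e["dport"])
            for e in parse(text) if e["proto"] == 1]

if __name__ == "__main__":
    print(denied_syn_summary(SAMPLE), icmp_entries(SAMPLE))
```
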