Date:      Wed, 05 Apr 2000 00:54:33 GMT
From:      mike@sentex.net (Mike Tancsa)
To:        stanb@netcom.com (Stan Brown)
Cc:        freebsd-net@freebsd.org
Subject:   Re: I am being atacked!
Message-ID:  <38ea8d15.431384518@mail.sentex.net>
In-Reply-To: <SEN.954888249.859364752@news.sentex.net>
References:  <SEN.954888249.859364752@news.sentex.net>

On 4 Apr 2000 18:44:09 -0400, in sentex.lists.freebsd.net you wrote:

>	I have started getting the following messages in /var/log/messages:
>
>Apr  4 02:55:10 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:42671 24.6.61.166:119 in via ed1
>Apr  4 02:55:11 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:43376 24.6.61.166:119 in via ed1

That's authorized-scan.security.home.net looking at your machine for open
news relays...

>Apr  4 02:58:21 koala portsentry[336]: attackalert: Connect from host: c453341-a.pinol1.sfba.home.com/24.6.255.50 to UDP port: 161

Someone looking for SNMP. Pretty common.  Actually, it's one of the
'underrated' back doors IMHO... There are WAY too many devices that default
to "public" and "private"... Can you imagine a UNIX box shipping with a
default account named "guest" with the password "guest"?  Welcome to the
world of SNMP :-(

>Apr  4 02:58:21 koala /kernel: arplookup 0.0.0.0 failed: host is not on local network
>Apr  4 02:58:21 koala /kernel: arpresolve: can't allocate llinfo for 0.0.0.0rt

Did you give yourself a netmask of 0 or something?

>
>	What's going on?

What do ifconfig -a and netstat -nra look like?  If you are worried
about using your real IP addresses, translate them into 169.254.247.0-254,
but be consistent.

	---Mike

Mike Tancsa  (mdtancsa@sentex.net)		
Sentex Communications Corp,   		
Waterloo, Ontario, Canada
"Given enough time, 100 monkeys on 100 routers 
could setup a national IP network." (KDW2)
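
An added example, not part of the original message: one way to do the consistent translation into 169.254.247.0-254 suggested above before posting logs or interface output to a public list. The function names and the choice to leave 0.0.0.0, loopback and 255.x.x.x (dotted netmasks, broadcast) untouched are assumptions of this sketch; hostnames are not rewritten.

```python
import ipaddress
import re

# Dotted quads that are not glued to other digits or dots.
IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")
PREFIX = "169.254.247."   # placeholder range suggested in the message
MAX_HOSTS = 255           # .0 through .254

# Log lines copied from the quoted message above.
SAMPLE = """\
Apr  4 02:55:10 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:42671 24.6.61.166:119 in via ed1
Apr  4 02:55:11 koala /kernel: ipfw: 2800 Deny TCP 24.0.94.130:43376 24.6.61.166:119 in via ed1
Apr  4 02:58:21 koala portsentry[336]: attackalert: Connect from host: c453341-a.pinol1.sfba.home.com/24.6.255.50 to UDP port: 161
Apr  4 02:58:21 koala /kernel: arplookup 0.0.0.0 failed: host is not on local network
"""


def keep_as_is(addr):
    """Addresses that carry diagnostic meaning and identify no host."""
    return (addr == ipaddress.IPv4Address("0.0.0.0")
            or addr.is_loopback
            or int(addr) >> 24 == 255)   # dotted netmasks, broadcast


def sanitize(text, mapping=None):
    """Replace each distinct IPv4 address with a stable placeholder.

    Pass the returned mapping back in when sanitizing further files
    (ifconfig output, routing table) so one host keeps one placeholder.
    """
    mapping = {} if mapping is None else mapping

    def replace(match):
        raw = match.group(0)
        try:
            addr = ipaddress.IPv4Address(raw)
        except ValueError:            # e.g. 999.1.1.1 is not an address
            return raw
        if keep_as_is(addr):
            return raw
        if raw not in mapping:
            if len(mapping) >= MAX_HOSTS:
                raise ValueError("more than 255 distinct addresses")
            mapping[raw] = PREFIX + str(len(mapping))
        return mapping[raw]

    return IPV4_RE.sub(replace, text), mapping
```

Placeholders are assigned in order of first appearance, so which real addresses shared a subnet is no longer visible in the sanitized output.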

