[CLUE-Tech] Question on firewall output

ian iguy at ionsphere.org
Sat Mar 24 08:48:09 MST 2001


Correct.  

Someone probed your port 12345 (a known weakness if you have that app running).
You sent back an ICMP error message (the DENY) to the originating host.

Unless you have a bunch more (assuming those DENY & REJECTS are configured
to log) log messages, someone at 24.180.153.167 (another @HOME address in PA) 
scanned that one port.

That's what that means.

ian


On Sat, Mar 24, 2001 at 07:32:45AM -0700, Jeffery C. Cann wrote:
> Greetings.
> 
> All of the recent talk about security got me to look at my logs (I haven't 
> for about 4 months).  I noticed about 35 syslog entries that have the 
> following messages:
> 
> Packet log: input DENY eth0 PROTO=6 24.180.153.167:3339 24.6.231.152:12345 
> L=52 S=0x00 I=25643 F=0x4000 T=54 SYN (#37)
> 
> I am on the @home network (24.6...).  It looks like this is a simple port 
> scan.  Is it?  I understand that the packet triggered one of my 'ipchains' 
> deny rules.  I am looking for additional information.
> 
> Thanks
> Jeff
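An added example, not code from either poster: a parser for the ipchains `Packet log:` entry quoted above, plus a per-source summary that separates a single-port probe from a sweep across several ports. It assumes the usual Linux 2.2 ipchains log field meanings (L = IP total length, S = TOS, I = IP ID, F = flags and fragment offset, T = TTL); the `parse` and `summarize` names and the 192.0.2.10 entries are constructed for illustration.

```python
import re
from collections import defaultdict

# Field layout of an ipchains "-l" log entry, as seen in the quoted message.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
    r"(?P<syn> SYN)? \(#(?P<rule>\d+)\)"
)

def parse(line):
    """Return a dict of decoded fields, or None if the line is not a packet log."""
    m = LOG_RE.search(line)  # search() tolerates a leading syslog timestamp/host
    if not m:
        return None
    f = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ip_id", "ttl", "rule"):
        f[key] = int(f[key])
    f["frag"] = int(f["frag"], 16)
    f["dont_fragment"] = bool(f["frag"] & 0x4000)  # DF bit in the IP flags field
    f["syn"] = f["syn"] is not None                # TCP connection-opening packet
    return f

def summarize(lines):
    """Per source address: (hit count, sorted distinct destination ports)."""
    seen = defaultdict(lambda: {"hits": 0, "ports": set()})
    for line in lines:
        f = parse(line)
        if f:
            seen[f["src"]]["hits"] += 1
            seen[f["src"]]["ports"].add(f["dport"])
    return {src: (v["hits"], sorted(v["ports"])) for src, v in seen.items()}

SAMPLE = [
    # Entry from the quoted message, rejoined onto one line.
    "Packet log: input DENY eth0 PROTO=6 24.180.153.167:3339 24.6.231.152:12345 "
    "L=52 S=0x00 I=25643 F=0x4000 T=54 SYN (#37)",
    # Constructed entries (documentation address): one source, several ports.
    "Packet log: input DENY eth0 PROTO=6 192.0.2.10:4001 24.6.231.152:21 "
    "L=44 S=0x00 I=100 F=0x0000 T=50 SYN (#37)",
    "Packet log: input DENY eth0 PROTO=6 192.0.2.10:4002 24.6.231.152:23 "
    "L=44 S=0x00 I=101 F=0x0000 T=50 SYN (#37)",
]

if __name__ == "__main__":
    for src, (hits, ports) in summarize(SAMPLE).items():
        print(src, hits, ports)
```

A source whose entries all name one destination port matches the single-port probe described in the reply; a source with many distinct ports is a sweep.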
