[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Possible attack?

Subject: Re: [cobalt-users] Possible attack?
From: Gerald Waugh <gwaugh@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Wed Nov 13 03:53:01 2002
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

On Wed, 13 Nov 2002, William J.A. Brillinger wrote:

> Our Co-lo firewall admin informed me today that I am getting a lot of
> deny's as listed below. Is this an attempted attack? What to do?
>
> Nov 12 23:30:03 polaris kernel: Packet log: inet-in DENY eth0 PROTO=17
> 216.158.54.
> 132:6277 64.42.222.18:3557 L=136 S=0x00 I=0 F=0x4000 T=44 (#1)

It's pretty common if an WIN/NT machine is on the network and
Linux boxes are used as routers/firewalls on these networks you'll catch
quite a few broadcasts that are sent out from them.

Linux is doing what it should be doing, NT is doing something it
shouldn't be doing.

You might want to turn off logging (-l) for that rule, if you cant get the
M$ machines to behave.

Gerald
--
http://frontstreetnetworks.com | http://raqware.com
Front Street Networks LLC  | Phone: +1 203-785-0699
229 Front Street, Ste. C, New Haven, CT. 06513-3203

References:
- [cobalt-users] Possible attack?
  - From: William J.A. Brillinger

Prev by Date: Re: [cobalt-users] Proftpd - Umask
Next by Date: [cobalt-users] DCC - was: Possible attack?
Previous by thread: [cobalt-users] Possible attack?
Next by thread: [cobalt-users] bind and recursion

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index