[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-users] Strange IPChains Log

Subject: [cobalt-users] Strange IPChains Log
From: Paul Warner <pwarner@xxxxxxxxxxxxxxxxxx>
Date: Thu Nov 21 15:49:30 2002
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

I keep getting these logged (LOTS!) they are originating on many different
machines on port 53 headed for one of my IP port 1981.  Obviously I'm
knocking them down...there is a mention of 'ShockRave' that uses this as a
trojan communication port...chkrootkit says all is OK...am I paranoid or
rightfully concerned?  I can write a rule to not log it but still
deny...just strange that all of a sudden these started en masse.

Nov 21 18:27:27 aegis kernel: Packet log: input DENY eth0 PROTO=17
192.55.83.30:53 208 ###.###.###.###:1981 L=208 S=0x00 I=59474 F=0x0000 T=48
(#52)

Follow-Ups:
- RE: [cobalt-users] Strange IPChains Log
  - From: Dan Kriwitsky

Prev by Date: RE: [cobalt-users] htaccess on raq 550
Next by Date: Re: [cobalt-users] suspended website/email forwarding
Previous by thread: RE: [cobalt-users] htaccess on raq 550
Next by thread: RE: [cobalt-users] Strange IPChains Log

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index