[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] Strange IPChains Log

Subject: RE: [cobalt-users] Strange IPChains Log
From: "Dan Kriwitsky" <list1@xxxxxxxxxxxxxxxxxxxx>
Date: Thu Nov 21 16:32:00 2002
List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>

> I keep getting these logged (LOTS!) they are originating on 
> many different machines on port 53 headed for one of my IP 
> port 1981.  Obviously I'm knocking them down...there is a 
> mention of 'ShockRave' that uses this as a trojan 
> communication port...chkrootkit says all is OK...am I 
> paranoid or rightfully concerned?  I can write a rule to not 
> log it but still deny...just strange that all of a sudden 
> these started en masse.
> 
> Nov 21 18:27:27 aegis kernel: Packet log: input DENY eth0 
> PROTO=17 192.55.83.30:53 208 ###.###.###.###:1981 L=208 
> S=0x00 I=59474 F=0x0000 T=48
> (#52)
> 
http://www.dshield.org/ports/port53.html
m.gtld-servers.net [192.55.83.30]
-- 
Dan Kriwitsky

Please reply to the list only. Offlist replies are not read.

Follow-Ups:
- Re: [cobalt-users] Strange IPChains Log
  - From: Paul Warner

References:
- [cobalt-users] Strange IPChains Log
  - From: Paul Warner

Prev by Date: [cobalt-users] Root folder junked
Next by Date: RE: [cobalt-users] Root folder junked
Previous by thread: [cobalt-users] Strange IPChains Log
Next by thread: Re: [cobalt-users] Strange IPChains Log

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index