[TriLUG] New worm on the wild?
Sinner from the Prairy
sinner at escomposlinux.org
Tue Nov 26 09:58:19 EST 2002
All,
Has anyone seen this kind of traffic in your logs?
I've seen these 612 entries (just from today!!):
# grep DROP ../messages | grep "Nov 26" | wc
612 14072 157774
(... beginning of excerpt ...)
Nov 26 08:49:36 LinuxServer kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=*:*:*:*:*:*:*:*:*:*:*:*:*:* SRC=24.79.193.95 DST=*.*.*.* LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=17188 DF PROTO=TCP SPT=2939 DPT=2531 WINDOW=16384 RES=0x00 SYN URGP=0
Nov 26 09:10:52 LinuxServer kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=*:*:*:*:*:*:*:*:*:*:*:*:*:* SRC=65.40.234.60 DST=*.*.*.* LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=49508 DF PROTO=TCP SPT=53436 DPT=34375 WINDOW=5840 RES=0x00 SYN URGP=0
Nov 26 09:11:38 LinuxServer kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=*:*:*:*:*:*:*:*:*:*:*:*:*:* SRC=65.40.234.60 DST=*.*.*.* LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=29153 DF PROTO=TCP SPT=62331 DPT=34377 WINDOW=5840 RES=0x00 SYN URGP=0
Nov 26 09:15:35 LinuxServer kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=*:*:*:*:*:*:*:*:*:*:*:*:*:* SRC=217.230.122.137 DST=*.*.*.* LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=35814 DF PROTO=TCP SPT=16218 DPT=2531 WINDOW=16384 RES=0x00 SYN URGP=0
Nov 26 09:15:38 LinuxServer kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=*:*:*:*:*:*:*:*:*:*:*:*:*:* SRC=217.230.122.137 DST=*.*.*.* LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=35936 DF PROTO=TCP SPT=16218 DPT=2531 WINDOW=16384 RES=0x00 SYN URGP=0
(... end excerpt ...)
Salut,
Sinner
--
http://www.ibiblio.org/sinner/
[MaDuiXa PoWeR] http://www.maduixa.net
Linux User # 89976 Linux Machine # 38068
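
A per-port tally of the same kind of DROP entries, extending the grep | wc count above to show which destination ports are hit and by how many distinct sources. This is an added example, not part of the original post; the function names and the sample log lines (documentation-range addresses) are constructed, and it assumes each entry sits on one line as in the messages file.

```shell
#!/bin/sh
# Added example (not from the original post): tally Shorewall DROP entries
# for one day by destination port, with the number of distinct sources.

# Constructed sample input; addresses are documentation ranges, not real hosts.
sample_log() {
cat <<'EOF'
Nov 26 08:49:36 host kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.1 LEN=48 PROTO=TCP SPT=2939 DPT=2531 WINDOW=16384 RES=0x00 SYN URGP=0
Nov 26 09:10:52 host kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.1 LEN=60 PROTO=TCP SPT=53436 DPT=34375 WINDOW=5840 RES=0x00 SYN URGP=0
Nov 26 09:11:38 host kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.1 LEN=60 PROTO=TCP SPT=62331 DPT=34377 WINDOW=5840 RES=0x00 SYN URGP=0
Nov 26 09:15:35 host kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.99 DST=203.0.113.1 LEN=48 PROTO=TCP SPT=16218 DPT=2531 WINDOW=16384 RES=0x00 SYN URGP=0
Nov 26 09:15:38 host kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.99 DST=203.0.113.1 LEN=48 PROTO=TCP SPT=16218 DPT=2531 WINDOW=16384 RES=0x00 SYN URGP=0
Nov 25 23:59:01 host kernel: Shorewall:net2all:DROP:IN=eth0 OUT= SRC=192.0.2.10 DST=203.0.113.1 LEN=48 PROTO=TCP SPT=2940 DPT=2531 WINDOW=16384 RES=0x00 SYN URGP=0
EOF
}

# Usage: summarize_drops "Nov 26" < /var/log/messages
# Output: one line per port, "DPT hits distinct_sources", busiest port first.
summarize_drops() {
    awk -v day="$1" '
        # Keep only dropped SYN packets logged on the requested day.
        index($0, day) == 1 && /Shorewall:[^ ]*:DROP:/ && / SYN / {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src == "" || dpt == "") next   # skip truncated entries
            hits[dpt]++
            # Count each source once per port to separate one noisy host
            # from many hosts probing the same port.
            if (!((dpt, src) in seen)) { seen[dpt, src] = 1; srcs[dpt]++ }
        }
        END { for (p in hits) print p, hits[p], srcs[p] }
    ' | sort -k2,2nr -k1,1n
}

sample_log | summarize_drops "Nov 26"
```

A port with many hits from many distinct sources is the pattern worth comparing against other sites' logs; many hits from a single source points at one host retrying.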