[ale] Hack Attempt

Stephen F Nicholas syssfn at panther.Gsu.EDU
Sun Sep 29 00:47:00 EDT 2002


Hello All,
I'm sitting here watching someone trying to break into my
machine.  ipchains is denying the packets.  This is not his/her first
attempt and the box, so far, is secure.  They must be spoofing the address,
as nslookup and other tools return nothing.  Box is RH 7.2 patched for
what I offer (not much).  See below:

Sep 29 00:35:40 leroy kernel: Packet log: input DENY eth0 PROTO=17
0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=80 F=0x0000 T=128 (#9)
Sep 29 00:35:44 leroy kernel: Packet log: input DENY eth0 PROTO=17
0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=81 F=0x0000 T=128 (#9)
Sep 29 00:35:52 leroy kernel: Packet log: input DENY eth0 PROTO=17
0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=82 F=0x0000 T=128 (#9)
Sep 29 00:36:07 leroy kernel: Packet log: input DENY eth0 PROTO=17
0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=83 F=0x0000 T=128 (#9)
Sep 29 00:38:25 leroy su(pam_unix)[2597]: session closed for user root
Sep 29 00:40:59 leroy kernel: Packet log: input DENY eth0 PROTO=17
169.254.254.19:138 169.254.255.255:138 L=229 S=0x00 I=84 F=0x0000 T=128
(#11)
Sep 29 00:41:17 leroy kernel: Packet log: input DENY eth0 PROTO=17
0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=85 F=0x0000 T=128 (#9)
Sep 29 00:41:21 leroy kernel: Packet log: input DENY eth0 PROTO=17
0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=86 F=0x0000 T=128 (#9)
Sep 29 00:41:30 leroy kernel: Packet log: input DENY eth0 PROTO=17
0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=87 F=0x0000 T=128 (#9)
Sep 29 00:41:47 leroy kernel: Packet log: input DENY eth0 PROTO=17
0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=88 F=0x0000 T=128 (#9)


So far, just annoying, but....
Thoughts, concerns...

Steve

=======================================================
| Steve Nicholas             |                        |
| Software Systems Engineer  |  A risk is not a risk  |
| Georgia State University   |  until it is taken.    | 
| snicholas at gsu.edu          |                        |
| 404-651-1062               |  BBROYGBVGW            |
=======================================================


---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.
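
An added example, not part of the original post: a small Python triage helper for ipchains packet-log entries like the ones quoted above. It rejoins entries wrapped by the mail client, parses the fields, and labels each denied packet by protocol number, ports and source address class. The label names are hypothetical; the sample lines are copied from the post.

```python
import ipaddress
import re
from collections import Counter

TS_RE = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} ")  # syslog timestamp
LOG_RE = re.compile(  # ipchains -l format; the trailing (#rule) is optional
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+)\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+L=(?P<len>\d+) "
    r"S=0x[0-9A-Fa-f]+ I=(?P<id>\d+) F=0x[0-9A-Fa-f]+ T=(?P<ttl>\d+)(?:.*?\(#(?P<rule>\d+)\))?"
)
# Entries copied from the post above, still wrapped as in the mail.
SAMPLE = """\
Sep 29 00:35:40 leroy kernel: Packet log: input DENY eth0 PROTO=17
0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=80 F=0x0000 T=128 (#9)
Sep 29 00:38:25 leroy su(pam_unix)[2597]: session closed for user root
Sep 29 00:40:59 leroy kernel: Packet log: input DENY eth0 PROTO=17
169.254.254.19:138 169.254.255.255:138 L=229 S=0x00 I=84 F=0x0000 T=128
(#11)
"""

def unwrap(text):
    out = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if TS_RE.match(line) or not out:
            out.append(line)
        else:
            out[-1] += " " + line  # continuation of a wrapped entry
    return out

def parse(line):
    m = LOG_RE.search(line)
    if not m:
        return None  # not a packet-log entry (e.g. the su/pam line)
    rec = m.groupdict()  # "rule" stays a string, or None when absent
    for key in ("proto", "sport", "dport", "len", "id", "ttl"):
        rec[key] = int(rec[key])
    return rec

def classify(rec):
    src = ipaddress.ip_address(rec["src"])
    udp = rec["proto"] == 17
    if udp and (rec["sport"], rec["dport"]) == (68, 67) and src.is_unspecified:
        return "dhcp-client-broadcast"  # BOOTP/DHCP client asking for a lease
    if udp and rec["dport"] in (137, 138) and src.is_link_local:
        return "netbios-from-link-local"  # NetBIOS name/datagram, 169.254.0.0/16
    return "routable-source" if src.is_global else "other-non-routable-source"

def summarize(text):
    return Counter(classify(r) for r in map(parse, unwrap(text)) if r)
```

summarize(SAMPLE) returns a per-label count; anything labelled routable-source is the traffic worth tracing further.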





