[ale] Hack Attempt

Zack Link zlink at slb.com
Mon Sep 30 09:10:20 EDT 2002


Actually that's DHCP.  With a netbios packet mixed in.

ZL



At 05:23 AM 9/29/2002 -0400, Jim Popovitch wrote:
>LOL! That's not an attack, that's DNS updates/queries.  You must have bind
>(named) running on that box.
>
>-Jim P.
>
> > -----Original Message-----
> > From: Stephen F Nicholas [mailto:syssfn at panther.Gsu.EDU]
> > Sent: Sunday, September 29, 2002 12:47 AM
> > To: ale at ale.org
> > Subject: [ale] Hack Attempt
> >
> >
> > Hello All,
> > I'm sitting here watching someone trying to break into my
> > machine.  ipchains is denying the packets.  This is not his/her first
> > attempt and the box, so far is secure.  They must be spoofing the address,
> > as nslookup and other tools return nothing.  Box is RH 7.2 patched for
> > what I offer (not much).  See Below:
> >
> > Sep 29 00:35:40 leroy kernel: Packet log: input DENY eth0 PROTO=17
> > 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=80 F=0x0000 T=128 (#9)
> > Sep 29 00:35:44 leroy kernel: Packet log: input DENY eth0 PROTO=17
> > 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=81 F=0x0000 T=128 (#9)
> > Sep 29 00:35:52 leroy kernel: Packet log: input DENY eth0 PROTO=17
> > 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=82 F=0x0000 T=128 (#9)
> > Sep 29 00:36:07 leroy kernel: Packet log: input DENY eth0 PROTO=17
> > 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=83 F=0x0000 T=128 (#9)
> > Sep 29 00:38:25 leroy su(pam_unix)[2597]: session closed for user root
> > Sep 29 00:40:59 leroy kernel: Packet log: input DENY eth0 PROTO=17
> > 169.254.254.19:138 169.254.255.255:138 L=229 S=0x00 I=84 F=0x0000 T=128
> > (#11)
> > Sep 29 00:41:17 leroy kernel: Packet log: input DENY eth0 PROTO=17
> > 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=85 F=0x0000 T=128 (#9)
> > Sep 29 00:41:21 leroy kernel: Packet log: input DENY eth0 PROTO=17
> > 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=86 F=0x0000 T=128 (#9)
> > Sep 29 00:41:30 leroy kernel: Packet log: input DENY eth0 PROTO=17
> > 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=87 F=0x0000 T=128 (#9)
> > Sep 29 00:41:47 leroy kernel: Packet log: input DENY eth0 PROTO=17
> > 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=88 F=0x0000 T=128 (#9)
> >
> >
> > So far, just annoying, but....
> > Thoughts, concerns...
> >
> > Steve
> >
> > =======================================================
> > | Steve Nicholas             |                        |
> > | Software Systems Engineer  |  A risk is not a risk  |
> > | Georgia State University   |  until it is taken.    |
> > | snicholas at gsu.edu          |                        |
> > | 404-651-1062               |  BBROYGBVGW            |
> > =======================================================
> >
> >
> > ---
> > This message has been sent through the ALE general discussion list.
> > See http://www.ale.org/mailing-lists.shtml for more info.
> > Problems should be
> > sent to listmaster at ale dot org.
> >
> >
>
>
>
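
Added example, not part of any poster's message: a small Python parser for the ipchains "Packet log" lines quoted above that labels each denied packet by IP protocol number and port pair, so DHCP client broadcasts (UDP 68 to 67) and NetBIOS datagrams (UDP 138) are separated from traffic that needs a closer look. The function names and labels are hypothetical, and the sample input is four entries taken from the log in this thread with the mail line-wrapping undone.

```python
import re
from collections import Counter

# ipchains "Packet log" line: chain, action, interface, IP protocol number,
# src:port, dst:port, then the L/S/I/F/T fields and the matching rule number.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>[\d.]+):(?P<sport>\d+) "
    r"(?P<dst>[\d.]+):(?P<dport>\d+) .*\(#(?P<rule>\d+)\)"
)

# Entries from the log in the thread, with the mail line-wrapping undone.
SAMPLE = """\
Sep 29 00:35:40 leroy kernel: Packet log: input DENY eth0 PROTO=17 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=80 F=0x0000 T=128 (#9)
Sep 29 00:38:25 leroy su(pam_unix)[2597]: session closed for user root
Sep 29 00:40:59 leroy kernel: Packet log: input DENY eth0 PROTO=17 169.254.254.19:138 169.254.255.255:138 L=229 S=0x00 I=84 F=0x0000 T=128 (#11)
Sep 29 00:41:17 leroy kernel: Packet log: input DENY eth0 PROTO=17 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=85 F=0x0000 T=128 (#9)
"""

def classify(line):
    """Return a label for one syslog line, or None if it is not a packet log."""
    m = LOG_RE.search(line)
    if not m:
        return None
    proto = int(m["proto"])
    sport, dport = int(m["sport"]), int(m["dport"])
    if proto == 17 and sport == 68 and dport == 67:
        # A client with no address yet (0.0.0.0) broadcasting for a lease.
        if m["src"] == "0.0.0.0" and m["dst"] == "255.255.255.255":
            return "dhcp-client-broadcast"
        return "dhcp-client"
    if proto == 17 and sport == 138 and dport == 138:
        # 169.254.0.0/16 is link-local: the sender self-assigned an address.
        if m["src"].startswith("169.254."):
            return "netbios-datagram-link-local"
        return "netbios-datagram"
    return "unclassified"  # anything else needs a human look

def summarize(text):
    """Count labels over a block of log text, skipping non-packet lines."""
    labels = (classify(line) for line in text.splitlines())
    return Counter(label for label in labels if label)

if __name__ == "__main__":
    for label, n in summarize(SAMPLE).items():
        print(f"{n:3d}  {label}")
```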

