[Intrusions] Interesting attempts (I hope)
John Mulkerin
jmulkerin at keypointcu.com
Tue May 31 01:37:30 GMT 2005
Haven't finished analysis yet but I'm seeing a repeated attempt to compromise a DNS/SMTP server (192.168.99.10). Not sure what the attempt is. Any suggestions?
May 30 18:05:05 192.168.1.4 pix01: device_id=pix01 [Root]system-critical-00440: Fragmented traffic! From 142.46.146.6:53 to 192.168.99.10 :61113, proto UDP (zone Untrust, int ethernet1). Occurred 1 times. (2005-05-30 18:05:05)
May 30 18:05:05 192.168.1.4 pix01: device_id=pix01 [Root]system-critical-00440: Fragmented traffic! From 142.46.146.6:3072 to 192.168.99.10 :3840, proto UDP (zone Untrust, int ethernet1). Occurred 1 times. (2005-05-30 18:05:05)
May 30 18:05:05 192.168.1.4 pix01: device_id=pix01 [Root]system-critical-00440: Fragmented traffic! From 142.46.146.6:55232 to 192.168.99.10 :4096, proto UDP (zone Untrust, int ethernet1). Occurred 1 times. (2005-05-30 18:05:05)
May 30 18:05:10 192.168.1.4 pix01: device_id=pix01 [Root]system-critical-00440: Fragmented traffic! From 142.46.146.6:53 to 192.168.99.10 :61113, proto UDP (zone Untrust, int ethernet1). Occurred 1 times. (2005-05-30 18:05:10)
May 30 18:05:10 192.168.1.4 pix01: device_id=pix01 [Root]system-critical-00440: Fragmented traffic! From 142.46.146.6:3840 to 192.168.99.10 :256, proto UDP (zone Untrust, int ethernet1). Occurred 1 times. (2005-05-30 18:05:10)
May 30 18:05:20 192.168.1.4 pix01: device_id=pix01 [Root]system-critical-00440: Fragmented traffic! From 142.46.146.6:53 to 192.168.99.10 :61113, proto UDP (zone Untrust, int ethernet1). Occurred 1 times. (2005-05-30 18:05:20)
May 30 18:05:20 192.168.1.4 pix01: device_id=pix01 [Root]system-critical-00440: Fragmented traffic! From 142.46.146.6:13878 to 192.168.99.10 :49168, proto UDP (zone Untrust, int ethernet1). Occurred 1 times. (2005-05-30 18:05:20)
May 30 18:05:40 192.168.1.4 pix01: device_id=pix01 [Root]system-critical-00440: Fragmented traffic! From 142.46.146.6:53 to 192.168.99.10 :61113, proto UDP (zone Untrust, int ethernet1). Occurred 1 times. (2005-05-30 18:05:40)
May 30 18:05:40 192.168.1.4 pix01: device_id=pix01 [Root]system-critical-00440: Fragmented traffic! From 142.46.146.6:3840 to 192.168.99.10 :256, proto UDP (zone Untrust, int ethernet1). Occurred 1 times. (2005-05-30 18:05:40)
May 30 18:05:40 192.168.1.4 pix01: device_id=pix01 [Root]system-critical-00440: Fragmented traffic! From 142.46.146.6:54720 to 192.168.99.10 :4096, proto UDP (zone Untrust, int ethernet1). Occurred 1 times. (2005-05-30 18:05:40)
May 30 18:05:50 192.168.1.4 pix01: device_id=pix01 [Root]system-critical-00440: Fragmented traffic! From 142.46.146.51:53 to 192.168.99.10 :61113, proto UDP (zone Untrust, int ethernet1). Occurred 1 times. (2005-05-30 18:05:50)
May 30 18:05:50 192.168.1.4 pix01: device_id=pix01 [Root]system-critical-00440: Fragmented traffic! From 142.46.146.51:3840 to 192.168.99.10 :256, proto UDP (zone Untrust, int ethernet1). Occurred 1 times. (2005-05-30 18:05:50)
May 30 18:05:50 192.168.1.4 pix01: device_id=pix01 [Root]system-critical-00440: Fragmented traffic! From 142.46.146.51:59584 to 192.168.99.10 :4096, proto UDP (zone Untrust, int ethernet1). Occurred 1 times. (2005-05-30 18:05:50)
May 30 18:05:55 192.168.1.4 pix01: device_id=pix01 [Root]system-critical-00440: Fragmented traffic! From 142.46.146.51:53 to 192.168.99.10 :61113, proto UDP (zone Untrust, int ethernet1). Occurred 1 times. (2005-05-30 18:05:55)
May 30 18:05:55 192.168.1.4 pix01: device_id=pix01 [Root]system-critical-00440: Fragmented traffic! From 142.46.146.51:3840 to 192.168.99.10 :256, proto UDP (zone Untrust, int ethernet1). Occurred 1 times. (2005-05-30 18:05:55)
May 30 18:06:05 192.168.1.4 pix01: device_id=pix01 [Root]system-critical-00440: Fragmented traffic! From 142.46.146.51:53 to 192.168.99.10 :61113, proto UDP (zone Untrust, int ethernet1). Occurred 1 times. (2005-05-30 18:06:05)
May 30 18:06:05 192.168.1.4 pix01: device_id=pix01 [Root]system-critical-00440: Fragmented traffic! From 142.46.146.51:3840 to 192.168.99.10 :256, proto UDP (zone Untrust, int ethernet1). Occurred 1 times. (2005-05-30 18:06:05)
May 30 18:06:05 192.168.1.4 pix01: device_id=pix01 [Root]system-critical-00440: Fragmented traffic! From 142.46.146.51:64960 to 192.168.99.10 :4096, proto UDP (zone Untrust, int ethernet1). Occurred 1 times. (2005-05-30 18:06:05)
May 30 18:06:25 192.168.1.4 pix01: device_id=pix01 [Root]system-critical-00440: Fragmented traffic! From 142.46.146.51:53 to 192.168.99.10 :61113, proto UDP (zone Untrust, int ethernet1). Occurred 1 times. (2005-05-30 18:06:25)
May 30 18:06:25 192.168.1.4 pix01: device_id=pix01 [Root]system-critical-00440: Fragmented traffic! From 142.46.146.51:3840 to 192.168.99.10 :256, proto UDP (zone Untrust, int ethernet1). Occurred 1 times. (2005-05-30 18:06:25)
May 30 18:06:25 192.168.1.4 pix01: device_id=pix01 [Root]system-critical-00440: Fragmented traffic! From 142.46.146.51:48320 to 192.168.99.10 :4096, proto UDP (zone Untrust, int ethernet1). Occurred 1 times. (2005-05-30 18:06:25)
John
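An added triage example, not part of the original post: it parses the firewall's "Fragmented traffic!" alerts and tallies them per source/port pair, so repeated flows and those sourced from UDP port 53 stand out. The function names are illustrative, and the sample lines are copied from the post above.

```python
import re
from collections import Counter

# Sample input: five alert lines copied verbatim from the post above.
SAMPLE = """\
May 30 18:05:05 192.168.1.4 pix01: device_id=pix01 [Root]system-critical-00440: Fragmented traffic! From 142.46.146.6:53 to 192.168.99.10 :61113, proto UDP (zone Untrust, int ethernet1). Occurred 1 times. (2005-05-30 18:05:05)
May 30 18:05:05 192.168.1.4 pix01: device_id=pix01 [Root]system-critical-00440: Fragmented traffic! From 142.46.146.6:3072 to 192.168.99.10 :3840, proto UDP (zone Untrust, int ethernet1). Occurred 1 times. (2005-05-30 18:05:05)
May 30 18:05:10 192.168.1.4 pix01: device_id=pix01 [Root]system-critical-00440: Fragmented traffic! From 142.46.146.6:53 to 192.168.99.10 :61113, proto UDP (zone Untrust, int ethernet1). Occurred 1 times. (2005-05-30 18:05:10)
May 30 18:05:50 192.168.1.4 pix01: device_id=pix01 [Root]system-critical-00440: Fragmented traffic! From 142.46.146.51:53 to 192.168.99.10 :61113, proto UDP (zone Untrust, int ethernet1). Occurred 1 times. (2005-05-30 18:05:50)
May 30 18:05:50 192.168.1.4 pix01: device_id=pix01 [Root]system-critical-00440: Fragmented traffic! From 142.46.146.51:3840 to 192.168.99.10 :256, proto UDP (zone Untrust, int ethernet1). Occurred 1 times. (2005-05-30 18:05:50)
"""

# The destination address is followed by a space before ":port" in these logs.
LINE_RE = re.compile(
    r"Fragmented traffic! From (?P<src>[\d.]+):(?P<sport>\d+) to "
    r"(?P<dst>[\d.]+)\s*:(?P<dport>\d+), proto (?P<proto>\w+) "
    r"\(zone (?P<zone>\w+), int (?P<intf>\w+)\)\. "
    r"Occurred (?P<count>\d+) times\. \((?P<ts>[\d-]+ [\d:]+)\)"
)

def parse(text):
    """Return one dict per fragment alert; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            event = m.groupdict()
            for key in ("sport", "dport", "count"):
                event[key] = int(event[key])
            events.append(event)
    return events

def summarize(events):
    """Total occurrences per (src, sport, dst, dport) flow."""
    flows = Counter()
    for e in events:
        flows[(e["src"], e["sport"], e["dst"], e["dport"])] += e["count"]
    return flows

def dns_sourced(flows):
    """Flows whose source port is 53, the port a DNS server replies from."""
    return {flow: n for flow, n in flows.items() if flow[1] == 53}

if __name__ == "__main__":
    for flow, n in summarize(parse(SAMPLE)).most_common():
        print(n, flow)
```
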