[Intrusions] Interesting attempts (I hope)
Andrew Rucker Jones
arjones at simultan.dyndns.org
Tue May 31 04:14:01 GMT 2005
Get some packets and check what else is going on at the same time.
Honestly, it looks more like a misconfiguration or a poorly programmed
host than an attack. I'll be interested in seeing what else you come up
with.
-&
John Mulkerin wrote:
> Haven't finished analysis yet but I'm seeing a repeated attempt to compromise a DNS/SMTP server (192.168.99.10). Not sure what the attempt is. Any suggestions?
> May 30 18:05:05 192.168.1.4 pix01: device_id=pix01 [Root]system-critical-00440: Fragmented traffic! From 142.46.146.6:53 to 192.168.99.10 :61113, proto UDP (zone Untrust, int ethernet1). Occurred 1 times. (2005-05-30 18:05:05)
...
> May 30 18:06:25 192.168.1.4 pix01: device_id=pix01 [Root]system-critical-00440: Fragmented traffic! From 142.46.146.51:48320 to 192.168.99.10 :4096, proto UDP (zone Untrust, int ethernet1). Occurred 1 times. (2005-05-30 18:06:25)
>
> John
--
GPG key / Schlüssel -- http://simultan.dyndns.org/~arjones/gpgkey.txt
Encrypt everything. / Alles verschlüsseln.
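Added example, not part of either message above: a small parser for the "Fragmented traffic!" log format quoted in the thread, which groups events by flow so an analyst can decide which sources to capture packets for. The function names are hypothetical, and treating UDP source port 53 as a probable DNS reply is a triage assumption, not a finding from the thread.

```python
import re
from collections import Counter

# Two lines copied from the quoted post, plus one constructed non-matching line.
SAMPLE = [
    "May 30 18:05:05 192.168.1.4 pix01: device_id=pix01 [Root]system-critical-00440: "
    "Fragmented traffic! From 142.46.146.6:53 to 192.168.99.10 :61113, proto UDP "
    "(zone Untrust, int ethernet1). Occurred 1 times. (2005-05-30 18:05:05)",
    "May 30 18:06:25 192.168.1.4 pix01: device_id=pix01 [Root]system-critical-00440: "
    "Fragmented traffic! From 142.46.146.51:48320 to 192.168.99.10 :4096, proto UDP "
    "(zone Untrust, int ethernet1). Occurred 1 times. (2005-05-30 18:06:25)",
    "May 30 18:07:00 192.168.1.4 pix01: some unrelated message (constructed)",
]

# The log format puts a space before the destination port (" :61113"), so allow it.
LINE_RE = re.compile(
    r"Fragmented traffic! From (?P<src>[\d.]+):(?P<sport>\d+) "
    r"to (?P<dst>[\d.]+)\s*:(?P<dport>\d+), proto (?P<proto>\w+) "
    r"\(zone (?P<zone>\w+), int (?P<intf>\w+)\)\. "
    r"Occurred (?P<count>\d+) times\. \((?P<ts>[\d\- :]+)\)"
)

def parse(line):
    """Return the event fields as a dict, or None if the line is another message type."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    ev = m.groupdict()
    for key in ("sport", "dport", "count"):
        ev[key] = int(ev[key])
    return ev

def summarize(lines):
    """Sum the 'Occurred N times' counts per (src, sport, dst, dport, proto) flow."""
    per_flow = Counter()
    for line in lines:
        ev = parse(line)
        if ev is not None:
            flow = (ev["src"], ev["sport"], ev["dst"], ev["dport"], ev["proto"])
            per_flow[flow] += ev["count"]
    return per_flow

def dns_reply_candidates(per_flow):
    """Flows from UDP source port 53: probably fragmented DNS replies (assumption)."""
    return sorted(f for f in per_flow if f[4] == "UDP" and f[1] == 53)

if __name__ == "__main__":
    for flow, n in summarize(SAMPLE).items():
        print(n, flow)
```

Flows that are not listed by dns_reply_candidates are the ones to look at first in a packet capture taken for the same time window.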