[Dshield] What were the hackers trying to do?

KJS_Public kjs_public at sbcglobal.net
Mon Mar 3 11:43:13 GMT 2003


I'm new to Dshield and I'm just curious.

In this first example the hacker has spoofed their IP address with a private address. What are they doing?

------------------------------------------------------------------------------------------------------------------------

3/3/2003 3:55:59 AM,Kevin,"This one time, the user has chosen to ""block"" communications.","This one time, the user has chosen to ""block"" communications. Inbound UDP packet Local address,service is (testadler-i1(999.999.190.58),ms-sql-m(1434)) Remote address,service is (10.0.1.40,1502) Process name is ""N/A"""

Rejected: Source IP (010.000.001.040) is filtered

------------------------------------------------------------------------------------------------------------------------

In this example the hacker has used an "Echo Request". What are they doing?

------------------------------------------------------------------------------------------------------------------------

3/3/2003 2:54:46 AM,Kevin,"Rule ""Default Block Inbound and Outbound ICMP"" blocked (24.233.166.253,8).","Rule ""Default Block Inbound and Outbound ICMP"" blocked (24.233.166.253,8). Inbound ICMP request Local address is (testadler-i1(999.999.190.58)) Remote address is (24.233.166.253) Message type is ""Echo Request"" Process name is ""N/A"""

Not a valid log line for our purposes.

------------------------------------------------------------------------------------------------------------------------

Thank you in advance for any information/help provided.

