Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Please help identify this traffic

From: "Ralf G. R. Bergs" <rabe () RWTH-Aachen DE>
Date: Thu, 9 Nov 2000 11:27:04 +0100
Hi there,

can anyone shed light on what might be causing the following traffic?

input DENY eth0 PROTO=17 137.226.aaa.bb:1045 137.226.255.255:5405 L=64 S=
0x00 I=60730 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.bb:1045 137.226.255.255:7445 L=64 S=
0x00 I=60986 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.bb:1045 137.226.255.255:5405 L=64 S=
0x00 I=61242 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.bb:1045 137.226.255.255:7445 L=64 S=
0x00 I=61498 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.bb:1045 137.226.255.255:5405 L=64 S=
0x00 I=62266 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.bb:1045 137.226.255.255:7445 L=64 S=
0x00 I=62522 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.cc:1035 137.226.255.255:5405 L=64 S=
0x00 I=59918 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.cc:1035 137.226.255.255:7445 L=64 S=
0x00 I=60174 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.cc:1035 137.226.255.255:5405 L=64 S=
0x00 I=60942 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.cc:1035 137.226.255.255:7445 L=64 S=
0x00 I=61198 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.cc:1035 137.226.255.255:5405 L=64 S=
0x00 I=62222 F=0x0000 T=128 (#38)
input DENY eth0 PROTO=17 137.226.aaa.cc:1035 137.226.255.255:7445 L=64 S=
0x00 I=62478 F=0x0000 T=128 (#38)

It started yesterday, and I'm always seeing this very same pattern.

Thanks,

Ralf


--
Sign the EU petition against SPAM:          L I N U X       .~.
http://www.politik-digital.de/spam/        The  Choice      /V\
                                            of a  GNU      /( )\
                                           Generation      ^^-^^
Previous By Date Next
Previous By Thread Next

Current thread: