Security Incidents mailing list archives
Re: Weird Incoming IP's and port numbers.
From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Mon, 27 Aug 2001 23:18:51 +0200 (CEST)
On Sun, 26 Aug 2001, West P. wrote:
> I'm using @home internet cable. I have the linksys cable router + 4 port
> switch. This splits the connection to 3 computers in the house. DHCP is
> turned off. The Internal IPs are 192.168.1.x (2,3,4)...
>
> Over the past day I received a couple of weird INCOMING entries in the log.
>
> DATE        TIME      SCR           SCR_PORT  DEST             DEST_PORT
> 08/25/2001  13:24:52  192.168.1.8   80        <my ip address>  3976
> 08/25/2001  19:04:42  192.168.1.16  80        <my ip address>  4319
> 08/25/2001  23:25:38  192.168.1.9   80        <my ip address>  4450

My guess is that someone in your neighborhood is leaking out these packets.
Quite likely because someone is being used as an amplifier.

Hugo.

--
All email sent to me is bound to the rules described on my homepage.
hvdkooij () vanderkooij org          http://hvdkooij.xs4all.nl/
Don't meddle in the affairs of sysadmins,
for they are subtle and quick to anger.

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com