Security Incidents mailing list archives

a lot of spoofed traffic for port 8, does anybody recon this?


From: Mikael Fors <mf () MORADATORER SE>
Date: Wed, 9 May 2001 10:54:00 +0200

Last 24 hours I've been receiving a lot of strange packets on my public interface. Log has been sanitized.

May  9 10:03:36 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.22.2:0 L=60 S=0x00 I=29112 F=0x0000 T=126 (#24)
May  9 10:03:36 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.22.2:0 L=60 S=0x00 I=29113 F=0x0000 T=127 (#24)
May  9 10:03:39 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.22.2:0 L=60 S=0x00 I=29117 F=0x0000 T=127 (#24)
May  9 10:04:06 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.5.1:0 L=60 S=0x00 I=29177 F=0x0000 T=126 (#24)
May  9 10:04:06 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.5.1:0 L=60 S=0x00 I=29178 F=0x0000 T=127 (#24)
May  9 10:04:09 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.5.1:0 L=60 S=0x00 I=29185 F=0x0000 T=127 (#24)
May  9 10:04:33 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.255.1:0 L=60 S=0x00 I=29235 F=0x0000 T=126 (#24)
May  9 10:04:33 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.255.1:0 L=60 S=0x00 I=29236 F=0x0000 T=127 (#24)
May  9 10:04:36 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.255.1:0 L=60 S=0x00 I=29243 F=0x0000 T=127 (#24)

These packets started trickling here about 48 hours ago, and I have no clue what it can be. What resides on port 8 and why ICMP??? All of these packets arrive on the public interface and contain private networks, mostly 192.168.x.x networks, but also 172.x.x.x networks show up.

Mikael Fors
Mora Datorer AB
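
Added example (not part of the original post): a Python parser for the ipchains log format shown in the message above. It relies on the ipchains convention that for PROTO=1 (ICMP) the two port positions hold the ICMP type and code, so ":8" with ":0" decodes as an echo request; the function names, the sample lines and the 172.16.4.9 and 10.0.0.5 destinations are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines in the post's log format (source stays sanitized).
SAMPLE = [
    "May  9 10:03:36 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.22.2:0 L=60 S=0x00 I=29112 F=0x0000 T=126 (#24)",
    "May  9 10:04:06 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 172.16.4.9:0 L=60 S=0x00 I=29177 F=0x0000 T=127 (#24)",
    "May  9 10:05:00 gator kernel: Packet log: eth0o REJECT eth0 PROTO=6 a.b.c.d:1025 10.0.0.5:80 L=44 S=0x00 I=29300 F=0x0000 T=64 (#24)",
]

LINE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>\S+):(?P<sport>\d+) (?P<dst>\S+):(?P<dport>\d+) "
    r"L=(?P<len>\d+) .*T=(?P<ttl>\d+) \(#(?P<rule>\d+)\)"
)
ICMP_TYPES = {0: "echo-reply", 3: "destination-unreachable", 8: "echo-request", 11: "time-exceeded"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def rfc1918(addr):
    """True/False for a parseable address, None for a sanitized one like a.b.c.d."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None
    return any(ip in net for net in RFC1918)

def parse(line):
    """Return the fields of one ipchains log line as a dict, or None if it does not match."""
    m = LINE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "len", "ttl", "rule"):
        rec[key] = int(rec[key])
    if rec["proto"] == 1:
        # ICMP has no ports; the two port slots carry the ICMP type and code.
        rec["icmp_type"], rec["icmp_code"] = rec.pop("sport"), rec.pop("dport")
        rec["icmp_name"] = ICMP_TYPES.get(rec["icmp_type"], "other")
    rec["src_private"], rec["dst_private"] = rfc1918(rec["src"]), rfc1918(rec["dst"])
    return rec

def summarize(lines):
    """Count packets per (label, destination) for RFC 1918 destinations only."""
    counts = Counter()
    for rec in filter(None, map(parse, lines)):
        if rec["dst_private"]:
            label = rec.get("icmp_name", f"proto-{rec['proto']}")
            counts[(label, rec["dst"])] += 1
    return counts
```

Calling summarize() on a saved kernel log groups the rejected packets by decoded ICMP type and private destination, which makes it easy to see which RFC 1918 ranges are being addressed and how often.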

