[prev in list] [next in list] [prev in thread] [next in thread] 

List:       netfilter
Subject:    non-routable logs entries?
From:       Ethan <old5chool () softhome ! net>
Date:       2001-02-14 5:33:26
[Download RAW message or body]

I have somebody out there hitting me from a webserver?  how can one
track where these hits are coming from.  this dude has hit every 
possible port i have...grrr:

Feb 14 00:29:58 localhost kernel: Blocked Connection ppp0:  IN=ppp0 OUT= MAC= \
SRC=10.1.35.2 DST=209.245.103.183 LEN=207 TOS=0x00 PREC=0x00 TTL=51 ID=45320 DF \
                PROTO=TCP SPT=80 DPT=38138 WINDOW=16060 RES=0x00 ACK PSH FIN URGP=0 
Feb 14 00:30:02 localhost kernel: Blocked Connection ppp0:  IN=ppp0 OUT= MAC= \
SRC=10.1.35.2 DST=209.245.103.183 LEN=207 TOS=0x00 PREC=0x00 TTL=51 ID=46287 DF \
                PROTO=TCP SPT=80 DPT=38142 WINDOW=16060 RES=0x00 ACK PSH FIN URGP=0 
Feb 14 00:30:10 localhost kernel: Blocked Connection ppp0:  IN=ppp0 OUT= MAC= \
SRC=10.1.35.2 DST=209.245.103.183 LEN=207 TOS=0x00 PREC=0x00 TTL=51 ID=48121 DF \
                PROTO=TCP SPT=80 DPT=38141 WINDOW=16060 RES=0x00 ACK PSH FIN URGP=0 
Feb 14 00:30:16 localhost kernel: Blocked Connection ppp0:  IN=ppp0 OUT= MAC= \
SRC=10.1.35.2 DST=209.245.103.183 LEN=207 TOS=0x00 PREC=0x00 TTL=51 ID=49175 DF \
                PROTO=TCP SPT=80 DPT=38146 WINDOW=16060 RES=0x00 ACK PSH FIN URGP=0 
Feb 14 00:30:17 localhost kernel: Blocked Connection ppp0:  IN=ppp0 OUT= MAC= \
SRC=10.1.35.2 DST=209.245.103.183 LEN=207 TOS=0x00 PREC=0x00 TTL=51 ID=49282 DF \
PROTO=TCP SPT=80 DPT=38145 WINDOW=16060 RES=0x00 ACK PSH FIN URGP=0 

any ideas how to bust this loser in the future?


thanks -Ethan


[prev in list] [next in list] [prev in thread] [next in thread]