[prev in list] [next in list] [prev in thread] [next in thread]
List: netfilter
Subject: non-routable logs entries?
From: Ethan <old5chool () softhome ! net>
Date: 2001-02-14 5:33:26
[Download RAW message or body]
I have somebody out there hitting me from a webserver? how can one
track where these hits are coming from. this dude has hit every
possible port i have...grrr:
Feb 14 00:29:58 localhost kernel: Blocked Connection ppp0: IN=ppp0 OUT= MAC= \
SRC=10.1.35.2 DST=209.245.103.183 LEN=207 TOS=0x00 PREC=0x00 TTL=51 ID=45320 DF \
PROTO=TCP SPT=80 DPT=38138 WINDOW=16060 RES=0x00 ACK PSH FIN URGP=0
Feb 14 00:30:02 localhost kernel: Blocked Connection ppp0: IN=ppp0 OUT= MAC= \
SRC=10.1.35.2 DST=209.245.103.183 LEN=207 TOS=0x00 PREC=0x00 TTL=51 ID=46287 DF \
PROTO=TCP SPT=80 DPT=38142 WINDOW=16060 RES=0x00 ACK PSH FIN URGP=0
Feb 14 00:30:10 localhost kernel: Blocked Connection ppp0: IN=ppp0 OUT= MAC= \
SRC=10.1.35.2 DST=209.245.103.183 LEN=207 TOS=0x00 PREC=0x00 TTL=51 ID=48121 DF \
PROTO=TCP SPT=80 DPT=38141 WINDOW=16060 RES=0x00 ACK PSH FIN URGP=0
Feb 14 00:30:16 localhost kernel: Blocked Connection ppp0: IN=ppp0 OUT= MAC= \
SRC=10.1.35.2 DST=209.245.103.183 LEN=207 TOS=0x00 PREC=0x00 TTL=51 ID=49175 DF \
PROTO=TCP SPT=80 DPT=38146 WINDOW=16060 RES=0x00 ACK PSH FIN URGP=0
Feb 14 00:30:17 localhost kernel: Blocked Connection ppp0: IN=ppp0 OUT= MAC= \
SRC=10.1.35.2 DST=209.245.103.183 LEN=207 TOS=0x00 PREC=0x00 TTL=51 ID=49282 DF \
PROTO=TCP SPT=80 DPT=38145 WINDOW=16060 RES=0x00 ACK PSH FIN URGP=0
any ideas how to bust this loser in the future?
thanks -Ethan
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic