
List:       sentry
Subject:    [Abacus] help
From:       "Ian Campbell" <ianc () etoh ! dyndns ! org>
Date:       2001-05-30 3:23:06

Hi guys,

I haven't really got a good grasp of ipchains or logcheck yet and the
following events have been occurring frequently on one of my servers.  Can
anyone shed some light on this?


Security Violations
=-=-=-=-=-=-=-=-=-=
May 29 13:04:55 MTN-AU-QLD-TOO-FW kernel: Packet log: forward DENY eth2 PROTO=6 10.0.0.106:1133 192.168.0.10:139 L=48 S=0x00 I=300 F=0x4000 T=127 SYN (#1)
May 29 13:44:46 MTN-AU-QLD-TOO-FW kernel: Packet log: forward DENY eth2 PROTO=6 10.0.0.106:1166 192.168.0.10:139 L=48 S=0x00 I=25855 F=0x4000 T=127 SYN (#1)

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
May 29 13:04:55 MTN-AU-QLD-TOO-FW kernel: Packet log: forward DENY eth2 PROTO=6 10.0.0.106:1133 192.168.0.10:139 L=48 S=0x00 I=300 F=0x4000 T=127 SYN (#1)
May 29 13:44:46 MTN-AU-QLD-TOO-FW kernel: Packet log: forward DENY eth2 PROTO=6 10.0.0.106:1166 192.168.0.10:139 L=48 S=0x00 I=25855 F=0x4000 T=127 SYN (#1)

and


Security Violations
=-=-=-=-=-=-=-=-=-=
May 29 16:29:04 MTN-AU-QLD-TOO-FW kernel: Packet log: forward DENY eth2 PROTO=6 10.0.0.106:1282 192.168.0.10:139 L=48 S=0x00 I=31338 F=0x4000 T=127 SYN (#1)
May 29 16:29:07 MTN-AU-QLD-TOO-FW kernel: Packet log: forward DENY eth2 PROTO=6 10.0.0.106:1282 192.168.0.10:139 L=48 S=0x00 I=31349 F=0x4000 T=127 SYN (#1)
May 29 16:48:45 MTN-AU-QLD-TOO-FW kernel: Packet log: forward DENY eth2 PROTO=6 10.0.0.106:1303 192.168.0.10:139 L=48 S=0x00 I=33048 F=0x4000 T=127 SYN (#1)

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
May 29 16:29:04 MTN-AU-QLD-TOO-FW kernel: Packet log: forward DENY eth2 PROTO=6 10.0.0.106:1282 192.168.0.10:139 L=48 S=0x00 I=31338 F=0x4000 T=127 SYN (#1)
May 29 16:29:07 MTN-AU-QLD-TOO-FW kernel: Packet log: forward DENY eth2 PROTO=6 10.0.0.106:1282 192.168.0.10:139 L=48 S=0x00 I=31349 F=0x4000 T=127 SYN (#1)
May 29 16:48:45 MTN-AU-QLD-TOO-FW kernel: Packet log: forward DENY eth2 PROTO=6 10.0.0.106:1303 192.168.0.10:139 L=48 S=0x00 I=33048 F=0x4000 T=127 SYN (#1)

and

Unusual System Events
=-=-=-=-=-=-=-=-=-=-=
May 29 04:02:00 MTN-AU-QLD-TOO-FW anacron[18596]: Updated timestamp for job `cron.daily' to 2001-05-29


thanks,

Ian Campbell
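
As an added example (not part of the original message): a small Python parser for the ipchains "Packet log:" entries quoted above. It re-joins mail-wrapped lines, decodes the fields and counts denied packets per flow; the function names and the SAMPLE constant are assumptions of this example.

```python
import re
from collections import Counter

# Field order of an ipchains "Packet log:" entry; SYN and (#rule) are optional.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?P<syn> SYN)?(?: \(#(?P<rule>\d+)\))?")
STAMP_RE = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")  # syslog timestamp
PROTOS = {1: "icmp", 6: "tcp", 17: "udp"}

# Two entries from the message, wrapped the way mail clients wrap them, plus a non-packet line.
SAMPLE = """\
May 29 16:29:04 MTN-AU-QLD-TOO-FW kernel: Packet log: forward DENY eth2
PROTO=6
10.0.0.106:1282 192.168.0.10:139 L=48 S=0x00 I=31338 F=0x4000 T=127 SYN (#1)
May 29 16:29:07 MTN-AU-QLD-TOO-FW kernel: Packet log: forward DENY eth2
PROTO=6
10.0.0.106:1282 192.168.0.10:139 L=48 S=0x00 I=31349 F=0x4000 T=127 SYN (#1)
May 29 04:02:00 MTN-AU-QLD-TOO-FW anacron[18596]: Updated timestamp for job
`cron.daily' to 2001-05-29
"""

def unwrap(text):
    """Re-join wrapped entries: a new entry starts with a syslog timestamp."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if STAMP_RE.match(line) or not entries:
            entries.append(line)
        else:
            entries[-1] += " " + line
    return entries

def parse(entry):
    """Return the decoded fields of one packet-log entry, or None for other lines."""
    m = LOG_RE.search(entry)
    if m is None:
        return None
    f, frag = m.groupdict(), int(m["frag"], 16)
    return {
        "chain": f["chain"], "action": f["action"], "iface": f["iface"],
        "proto": PROTOS.get(int(f["proto"]), f["proto"]), "ttl": int(f["ttl"]),
        "src": f["src"], "sport": int(f["sport"]), "dst": f["dst"], "dport": int(f["dport"]),
        "dont_fragment": bool(frag & 0x4000), "frag_offset": frag & 0x1FFF,
        "syn": f["syn"] is not None, "rule": int(f["rule"]) if f["rule"] else None}

def summarize(text):
    """Count denied packets per (src, dst, dport); retries collapse into one row."""
    return Counter((p["src"], p["dst"], p["dport"]) for p in map(parse, unwrap(text)) if p)
```

Run over the quoted entries, this reduces them to a single flow: TCP SYN packets from 10.0.0.106 to 192.168.0.10 port 139, denied by rule 1 of the forward chain on eth2.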
