Mailinglist Archive: opensuse-security (511 mails)

Re:Re: [suse-security] INFORMATION
  • From: Ricardo Romero <ricromero@xxxxxxxxxx>
  • Date: Sat, 11 Aug 2001 14:25:20 -0300 (BRT)
  • Message-id: <200108111725.OAA00116@xxxxxxxxxxxxxxxxxx>
Hi, John and ALL.

Thanks for the explanation, but I'm using SuSE 7.1, and this log was originally from my Linux BOX.

>>On Friday 10 August 2001 20:12, Ricardo Romero wrote:
>[snip]
>> Aug 10 20:05:59 ricromero kernel: Packet log: rulchain REJECT eth0
>> PROTO=6 200.207.153.166:4215 MY_IP_ADDRESS:80 L=48 S=0x00 I=29432
>> F=0x4000 T=121 SYN (#5)
>
>[snip]
>
>Hi,
>
>REJECT -> which rule set was used
>eth0 -> which interface the request arrived on
>PROTO=6 -> what protocol (TCP - see /etc/protocols for more)
>200.207.153.166:4215 -> IP address of origination of request, their port 4215
>MY_IP_ADDRESS:80 -> request sent to your port 80 (http)
>     see /etc/services for more
>L=48 -> length of packet, in octets
>S=0x00 -> packet is fragmentable, but not a fragment
>I=29432 -> IP identifier, for reassembling fragmented packets
>F=0x4000 -> fragment offset, also for reassembling fragmented packets
>T=121 -> time to live for packet, in seconds
>(#5) -> which reject rule was applied
>
>
>Probably a Code Red infected Win 2K/NT IIS system looking for new victims.
>You really have to wonder what the IIS admins have been doing.
>
>John
>

[]'s Ricardo Romero
