On 12/03/12 11:33, Per Jessen wrote:
Bob Williams wrote:
On 12/03/12 09:54, Per Jessen wrote:
Bob Williams wrote:
Last night, I noticed a regular pattern of blips in gkrellm's eth0 monitor. There were no Internet-active programs, such as e-mail or a web browser, running, so I started Wireshark to see what was happening.
Apart from the expected chatter between this machine and the router, the following two lines repeated over and over, and it is continuing on rebooting the machine this morning:
Source          Destination   Protocol  Info
217.14.132.183  192.168.1.14  SIP       Status: 100 Trying (0 bindings)
217.14.132.183  192.168.1.14  SIP       Status: 401 Unauthorized (0 bindings)
Is this entirely innocent, or should I contact abuse@Domainmaster (see below)?
Perhaps not entirely innocent (SIP attempts for VoIP), but I would have thought your firewall should be blocking such traffic?
Really? I do run Skype from time to time, and have tried out Ekiga, so maybe the SIP protocol is allowed.
Skype is proprietary, I don't know what Ekiga does. SIP is "Session Initiation Protocol" for standard VoIP. My Asterisk telephone server is regularly flooded by SIP requests, bordering on a DoS attack.
Ekiga is a SIP client.
The only services I have explicitly allowed in YaST Firewall Configuration are Rsync server, Secure Shell server and xntp server.
I would expect that to mean that the SIP traffic is dropped or rejected. Maybe check your firewall log.
Well, the firewall log gives much the same information as Wireshark. Although it's irritating, I don't think I'm vulnerable, so I'll just monitor things for the time being. The last time something like this happened I was being attacked through ssh port 22, but they were definitely trying a dictionary attack with various username & password combinations.
All the above traffic seems to be one way, in other words, I never see my machine sending a reply, I am always the destination, never the source.
Maybe gkrellm is reporting on traffic before the firewall drops it.
Maybe

Thanks,
Bob
--
Bob Williams
System: Linux 3.1.9-1.4-desktop
Distro: openSUSE 12.1 (x86_64) with KDE Development Platform: 4.7.2 (4.7.2) "release 5"
Uptime: 18:00pm up 5 days 0:29, 3 users, load average: 0.23, 0.15, 0.14