Can someone analyse this for me:

Jan 5 17:48:16 jochen kernel: Firewall:IN=ppp0 OUT= MAC= SRC=131.188.3.220 DST=217.230.13.128 LEN=76 TOS=0x00 PREC=0x00 TTL=245 ID=31737 DF PROTO=UDP SPT=123 DPT=123 LEN=56

I'm a newbie and I don't know exactly what it means! Is it an attack?

--
Jochen

On Sat, Jan 05, 2002 at 05:57:18PM +0100, Jochen Kaechelin wrote:
> Can someone analyse this for me:
>
> Jan 5 17:48:16 jochen kernel: Firewall:IN=ppp0 OUT= MAC=

you use a dialin modem (ppp0)

> SRC=131.188.3.220 DST=217.230.13.128 LEN=76 TOS=0x00 PREC=0x00

probably 1und1 account (DST)
there is a packet from (SRC) ntp0-rz.rrze.uni-erlangen.de

> TTL=245 ID=31737 DF PROTO=UDP SPT=123 DPT=123 LEN=56

to your port 123 which is ntp (DPT)
logged/denied.

> I'm a newbie and I don't know exactly what it means! Is it an attack?

no. (well, could be but *really* unrealistic ;) )

what i think:
you probably set up ntp service (network time protocol) to sync your clock with uni-erlangen, but forgot to allow the packets.
or the 'related' state of the firewall timed out for some reason.
or someone else did, syncing his machine while online, hung up, and you got his ip on your dialup, receiving packets which the other one requested...

but i can of course be wrong.

lars
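
Added example, not part of the original thread: a small Python parser that splits the logged line into the fields the reply walks through and summarises them. The function names `parse_netfilter` and `describe` are made up for this example; the log line is the one from the post. Note that `LEN` occurs twice in a UDP entry (IP total length first, UDP length second), which a naive key=value split would overwrite.

```python
import re

# Log line copied from the original post.
LINE = ("Jan 5 17:48:16 jochen kernel: Firewall:IN=ppp0 OUT= MAC= "
        "SRC=131.188.3.220 DST=217.230.13.128 LEN=76 TOS=0x00 PREC=0x00 "
        "TTL=245 ID=31737 DF PROTO=UDP SPT=123 DPT=123 LEN=56")

def parse_netfilter(line):
    """Split a netfilter LOG line into a dict of fields.

    The second LEN (UDP length) is stored as UDPLEN so it does not
    overwrite the first (IP total length). Bare tokens such as DF
    are collected in FLAGS.
    """
    m = re.search(r"\bIN=", line)
    if not m:
        raise ValueError("no IN= field, not a netfilter LOG line")
    fields, flags = {}, []
    for token in line[m.start():].split():
        key, sep, value = token.partition("=")
        if not sep:
            flags.append(key)
        elif key == "LEN" and "LEN" in fields:
            fields["UDPLEN"] = value
        else:
            fields[key] = value
    fields["FLAGS"] = flags
    return fields

def describe(f):
    """Summarise the packet along the lines of the reply above."""
    notes = []
    if f.get("IN") and not f.get("OUT"):
        notes.append("inbound on " + f["IN"])
    if (f.get("PROTO"), f.get("SPT"), f.get("DPT")) == ("UDP", "123", "123"):
        notes.append("NTP, port 123 on both ends")
        udplen = f.get("UDPLEN", "")
        # UDP header is 8 bytes; a plain NTP message is 48 bytes.
        if udplen.isdigit() and int(udplen) - 8 == 48:
            notes.append("48-byte payload, size of a plain NTP message")
        if udplen.isdigit() and int(f["LEN"]) - int(udplen) == 20:
            notes.append("20-byte IP header, no IP options")
    return notes

if __name__ == "__main__":
    pkt = parse_netfilter(LINE)
    print(pkt["SRC"], "->", pkt["DST"])
    for note in describe(pkt):
        print(" -", note)
```
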

Participants (2): Jochen Kaechelin, l.g.e@web.de