Mailinglist Archive: opensuse-security (520 mails)

Fwd: noah 12/09/00:01.45 system check
  • From: rjwohlfar@xxxxxxxxxxx
  • Date: Sat, 9 Dec 2000 21:50:40 -0500 (EST)
  • Message-id: <01aa51241020ac0APP01@xxxxxxxxxxxxxxxxxx>
I am trying to figure out if these log entries are an attack, or if
the Squid proxy is causing them. I'd appreciate any suggestions on their
cause...

These entries have been appearing for over a month. And they
consistently appear every time I dial in (it's a dial-up ISP). The
source address is always 222.22.22.22:53 or 222.22.22.25:53.

The IP address 222.22.22.22 and 222.22.22.25 represent my ISP's DNS
servers. I changed their real addresses to "222.22.22.22/25". But the
log entries always come from the same two IP addresses.

This is a dial-up ISP. So my IP address changes every time. I understand
that these packets are coming from port 53 (DNS). They always come
from port 53. But the target port will change every time I dial in. For
example, tomorrow the target address may be 222.22.22.44:111.

Is Squid making some request, and the firewall blocks the response?
Thanks, in advance.

--
Robert Wohlfarth



------ Forwarded message ------
Dec 9 01:31:27 noah kernel: Packet log: input DENY ppp0 PROTO=17 222.22.22.22:53 222.22.22.11:1187 L=121 S=0x00 I=23121 F=0x0000 T=125 (#27)
Dec 9 01:31:32 noah kernel: Packet log: input DENY ppp0 PROTO=17 222.22.22.25:53 222.22.22.11:1187 L=121 S=0x00 I=27106 F=0x0000 T=126 (#27)
Dec 9 01:31:37 noah kernel: Packet log: input DENY ppp0 PROTO=17 222.22.22.22:53 222.22.22.11:1187 L=77 S=0x00 I=46417 F=0x0000 T=126 (#27)
Dec 9 01:31:40 noah kernel: Packet log: input DENY ppp0 PROTO=17 222.22.22.25:53 222.22.22.11:1187 L=77 S=0x00 I=16874 F=0x0000 T=126 (#27)
Dec 9 01:31:43 noah kernel: Packet log: input DENY ppp0 PROTO=17 222.22.22.22:53 222.22.22.11:1187 L=77 S=0x00 I=49233 F=0x0000 T=126 (#27)
Dec 9 01:31:49 noah kernel: Packet log: input DENY ppp0 PROTO=17 222.22.22.25:53 222.22.22.11:1187 L=77 S=0x00 I=15348 F=0x0000 T=126 (#27)
Dec 9 01:31:55 noah kernel: Packet log: input DENY ppp0 PROTO=17 222.22.22.22:53 222.22.22.11:1187 L=77 S=0x00 I=59473 F=0x0000 T=126 (#27)
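
A small triage script for kernel "Packet log" lines like the ones forwarded above (the ipchains log format), added here as an example and not part of the original message: it parses each line and counts denied UDP packets arriving from source port 53, grouped by source, destination, destination port and rule, and lists any source that is not one of the configured resolvers. The sample lines, the 192.0.2.x and 198.51.100.x addresses, and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Fields: chain, action, interface, IP protocol number, src:port, dst:port,
# L= length, S= TOS, I= IP id, F= fragment field, T= TTL, (#rule number).
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=0x[0-9A-Fa-f]+ I=\d+ F=0x[0-9A-Fa-f]+ "
    r"T=(?P<ttl>\d+) \(#(?P<rule>\d+)\)"
)
INT_FIELDS = ("proto", "sport", "dport", "length", "ttl", "rule")

def parse_line(line):
    """Return the log fields as a dict, or None if the line does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in INT_FIELDS:
        rec[key] = int(rec[key])
    return rec

def summarize_dns_denies(lines, resolvers):
    """Count denied UDP (PROTO=17) packets whose source port is 53."""
    hits, unknown = Counter(), set()
    for line in lines:
        rec = parse_line(line)
        if not rec or rec["action"] != "DENY":
            continue
        if rec["proto"] != 17 or rec["sport"] != 53:
            continue
        hits[(rec["src"], rec["dst"], rec["dport"], rec["rule"])] += 1
        if rec["src"] not in resolvers:
            unknown.add(rec["src"])  # port-53 traffic from an unexpected host
    return hits, unknown

# Constructed sample input (documentation address ranges, not real hosts).
TAIL = "S=0x00 I=1 F=0x0000 T=126 (#27)"
PFX = "Dec 9 01:31:27 host kernel: Packet log: input DENY ppp0 PROTO=17 "
SAMPLE = [
    PFX + "192.0.2.22:53 192.0.2.11:1187 L=121 " + TAIL,
    PFX + "192.0.2.25:53 192.0.2.11:1187 L=77 " + TAIL,
    PFX + "192.0.2.22:53 192.0.2.11:1187 L=77 " + TAIL,
    PFX + "198.51.100.7:53 192.0.2.11:1187 L=60 " + TAIL,
    PFX + "198.51.100.7:4000 192.0.2.11:111 L=60 " + TAIL,
]

if __name__ == "__main__":
    hits, unknown = summarize_dns_denies(SAMPLE, {"192.0.2.22", "192.0.2.25"})
    for key, count in sorted(hits.items()):
        print(count, *key)
    print("port-53 sources outside the resolver list:", sorted(unknown))
```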


