Mailinglist Archive: opensuse-security (636 mails)

Re: [suse-security] compromised?
  • From: Nix <suse@xxxxxxxxxxxxxxx>
  • Date: Fri, 09 Feb 2001 15:26:56 +1100
  • Message-id: <5.0.2.1.0.20010209152420.04b437f8@xxxxxxxxxxxxxxxxxxxx>
At 02:57 PM 9/02/2001, you wrote:
On Thu, 08 Feb 2001, Achim Ehrlich wrote:

> Hello list,
>
> I'm running a little home network and scan my messages only occasionally.
> Today I found that my var/log/messages was flooded with the following
> messages from
> ipchains:
>
> Jan 24 00:00:58 coalmine kernel: Packet log: input DENY ppp0 PROTO=6
> 213.93.2.117:64834 213.23.38.146:6346 L=48 S=0x00 I=11174 F=0x4000 T=107
> SYN(#3)
> Jan 24 00:00:59 coalmine kernel: Packet log: input DENY ppp0 PROTO=6
> 168.95.0.198:38071 213.23.38.146:6346 L=44 S=0x00 I=46941 F=0x4000 T=237
> SYN(#3)

Is some unsupervised kid with a 'security tool'
syn-flooding him with spoofed source addresses? It seems
his box is easily withstanding this, until his log fills the
disk.

Possibly, I get junk like this hitting my firewalls constantly both at home,
at work and at clients. Some of the banks I work for obviously get a lot more
than my cablemodem at home, but I still get >100 lines per hour of logs
on my cable. It's nothing to be overly worried about.

logrotate nicely takes care of excess logs :-)

Cheers

---
Nix - nix@xxxxxxxxxxxxxxxx
http://www.susesecurity.com
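
Added example, not part of the original thread or written by either poster: a small triage helper for ipchains "Packet log" entries like the ones quoted above, which counts denied TCP SYNs and distinct source addresses per destination port. The function names and the last three sample lines are constructed for illustration; the quoted entries are re-joined onto one line each with "SYN (#3)" spacing assumed.

```python
import re
from collections import Counter, defaultdict

# Field layout of an ipchains "Packet log" line, as in the quoted messages.
LINE_RE = re.compile(
    r"^\w{3}\s+\d+\s[\d:]{8}\s\S+\skernel:\sPacket log:\s"
    r"(?P<chain>\S+)\s(?P<action>\S+)\s(?P<iface>\S+)\sPROTO=(?P<proto>\d+)\s"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s(?P<dst>[\d.]+):(?P<dport>\d+)\s"
    r"L=\d+\sS=\S+\sI=\d+\sF=\S+\sT=(?P<ttl>\d+)"
    r"(?:\s(?P<syn>SYN))?\s*\(#(?P<rule>\d+)\)"
)

def parse(line):
    """Return the fields of one log line as a dict, or None if it is not a packet log."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None

def summarize(lines):
    """Count denied TCP SYNs and distinct source addresses per destination port."""
    hits, sources, skipped = Counter(), defaultdict(set), 0
    for line in lines:
        rec = parse(line)
        if rec is None:
            skipped += 1          # not an ipchains packet log line
            continue
        if rec["action"] != "DENY" or rec["proto"] != "6" or not rec["syn"]:
            continue              # keep only denied TCP connection attempts
        port = int(rec["dport"])
        hits[port] += 1
        sources[port].add(rec["src"])
    report = {p: {"packets": n, "distinct_sources": len(sources[p])}
              for p, n in hits.most_common()}
    return report, skipped

# First two entries are the ones quoted in the thread; the last three are constructed.
SAMPLE = [
    "Jan 24 00:00:58 coalmine kernel: Packet log: input DENY ppp0 PROTO=6 213.93.2.117:64834 213.23.38.146:6346 L=48 S=0x00 I=11174 F=0x4000 T=107 SYN (#3)",
    "Jan 24 00:00:59 coalmine kernel: Packet log: input DENY ppp0 PROTO=6 168.95.0.198:38071 213.23.38.146:6346 L=44 S=0x00 I=46941 F=0x4000 T=237 SYN (#3)",
    "Jan 24 00:01:01 coalmine kernel: Packet log: input DENY ppp0 PROTO=6 213.93.2.117:64835 213.23.38.146:6346 L=48 S=0x00 I=11190 F=0x4000 T=107 SYN (#3)",
    "Jan 24 00:01:02 coalmine kernel: Packet log: input DENY ppp0 PROTO=17 192.0.2.10:1024 213.23.38.146:111 L=56 S=0x00 I=500 F=0x0000 T=52 (#3)",
    "Jan 24 00:01:03 coalmine pppd[312]: constructed non-firewall line",
]

if __name__ == "__main__":
    report, skipped = summarize(SAMPLE)
    for port, stats in report.items():
        print(f"dport {port}: {stats['packets']} SYNs from {stats['distinct_sources']} sources")
```

Feeding it the whole of /var/log/messages gives a per-port view of how much of the noise is one connection pattern repeated and how many separate addresses are behind it.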

