Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] SuSE-FW-OUTPUT-ERRORIN log
  • From: Ray Leach <raymondl@xxxxxxxxxxxxxxxxxxxxxx>
  • Date: Thu, 31 Jan 2002 17:49:08 +0200
  • Message-id: <20020131154857.0C8BE1E268@xxxxxxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Thu 31 Jan 02 16:45, mario libraro wrote:
> Hi to all listmates,
>
> I found these lines in /var/log/messages:
>
> Jan 31 11:51:20 goemon kernel: SuSE-FW-OUTPUT-ERRORIN= OUT=eth0 SRC=<my
> ip!> DST=<external ip 1> LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=19546
> PROTO=TCP SPT=45274 DPT=21 WINDOW=3072 RES=0x00 URGP=0 OPT
> (03030A0102040109080A3F3F3F3F000000000000)
>
Looks like <external ip 1> tried to ftp to your fw.

> Jan 31 12:01:53 goemon kernel: SuSE-FW-OUTPUT-ERRORIN= OUT=eth0 SRC=<my
> ip!> DST=<external ip 2> LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=49052
> PROTO=TCP SPT=54417 DPT=139 WINDOW=4096 RES=0x00 URGP=0 OPT
> (03030A0102040109080A3F3F3F3F000000000000)
>
Looks like <external ip 2> tried to ftp to your fw.

> <external ip 1> and <external ip 2> are from the same subnet but are
> different. Is this a spoofing attack or what?

Ray
- --
- ----------------------------------------------------------------------
Raymond Leach
Cell:+27-82-416-1410 Tel:+27-11-444-5006 Fax:+27-11-444-5007
eMail:raymondl@xxxxxxxxxxxxxxxxxxxxxx
www:http://www.knowledgefactory.co.za
Make money while you sleep! Visit http://www.quickinfo247.com/175692
"No matter where you go, there you are ..."
- ----------------------------------------------------------------------
- -----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GIT d- s:+ a- C++ UL++++/S++++/*++++ P+ L++ E-- W+++ !N !o !K w--- O-
M-- V-- !PS !PE Y-- PGP+++ t+@ 5- X+ R* tv+ b- DI++ D+ G e h* r++ z?
- ------END GEEK CODE BLOCK------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE8WWd0F1I6guFUFA0RAvQ1AJ9eB4EtbuhPEgw3HQXfl3KEPHQTRQCg26kB
KnFtLSUgs2w16vVAYEwvXwo=
=N+16
-----END PGP SIGNATURE-----

< Previous Next >
References