Mailinglist Archive: opensuse-security (757 mails)

snort Alert
  • From: Dietmar Strasdat <earthmate@xxxxxxx>
  • Date: Fri, 25 Jan 2002 13:12:18 +0100
  • Message-id: <582048777015.20020125131218@xxxxxxx>
Hello List,
Today I viewed my logs for warnings and other problems with my
router, kernel 2.2.19 on SuSE 7.0.
Snort alerts me with the following messages:

[**] FTP99cmp [**]
01/25-12:49:02.510018 172.16.2.5:56704 -> 172.16.2.6:1492
UDP TTL:58 TOS:0x0 ID:45067
Len: 8

[**] Back Door [**]
01/25-12:49:02.921419 172.16.2.5:56704 -> 172.16.2.6:1999
UDP TTL:58 TOS:0x0 ID:5981
Len: 8

[**] iNi Killer/Phase Zero/Stealth Spy [**]
01/25-12:49:03.645493 172.16.2.5:56704 -> 172.16.2.6:555
UDP TTL:58 TOS:0x0 ID:27091
Len: 8

[**] Remote Grab [**]
01/25-12:49:04.464164 172.16.2.5:56704 -> 172.16.2.6:7000
UDP TTL:58 TOS:0x0 ID:16456
Len: 8

[**] Shivka-Burka [**]
01/25-12:49:05.683546 172.16.2.5:56704 -> 172.16.2.6:1600
UDP TTL:58 TOS:0x0 ID:28222
Len: 8

[**] Hackers Paradise [**]
01/25-12:49:05.809637 172.16.2.5:56704 -> 172.16.2.6:31
UDP TTL:58 TOS:0x0 ID:65451
Len: 8

[**] Silencer, WebEX [**]
01/25-12:49:06.161501 172.16.2.5:56704 -> 172.16.2.6:1001
UDP TTL:58 TOS:0x0 ID:45491
Len: 8

[**] Ripper Pro [**]
01/25-12:49:06.525815 172.16.2.5:56704 -> 172.16.2.6:2023
UDP TTL:58 TOS:0x0 ID:18956
Len: 8

[**] Trojan Cow [**]
01/25-12:49:06.558256 172.16.2.5:56704 -> 172.16.2.6:2001
UDP TTL:58 TOS:0x0 ID:60477
Len: 8

[**] Sockets De Troie [**]
01/25-12:49:06.579138 172.16.2.5:56704 -> 172.16.2.6:5000
UDP TTL:58 TOS:0x0 ID:8426
Len: 8

[**] Attempted Sun RPC high port access [**]
01/25-12:49:06.623967 172.16.2.5:56704 -> 172.16.2.6:32771
UDP TTL:58 TOS:0x0 ID:41745
Len: 8

[**] Sockets De Troie [**]
01/25-12:49:06.655303 172.16.2.5:56704 -> 172.16.2.6:5001
UDP TTL:58 TOS:0x0 ID:30473
Len: 8

[**] Hackers Paradise [**]
01/25-12:49:07.470151 172.16.2.5:56704 -> 172.16.2.6:456
UDP TTL:58 TOS:0x0 ID:49981
Len: 8

[**] Back Orifice [**]
01/25-12:49:07.915080 172.16.2.5:56704 -> 172.16.2.6:31337
UDP TTL:58 TOS:0x0 ID:8186
Len: 8

[**] Satanz Backdoor [**]
01/25-12:49:08.362728 172.16.2.5:56704 -> 172.16.2.6:666
UDP TTL:58 TOS:0x0 ID:9630
Len: 8

172.16.2.5 is my router IP; in the firewall I have set TCP and UDP high ports
enabled.

172.16.2.6 is a Windows client in my home LAN.

nmap against the client 172.16.2.6 reports the following open ports:

Port State Service
135/tcp open loc-srv
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open listen

135/udp open loc-srv
137/udp open netbios-ns
138/udp open netbios-dgm
445/udp open microsoft-ds
500/udp open isakmp

Do I have a problem?

--
Best regards,
Dietmar mailto:earthmate@xxxxxxx
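
Added example, not part of the original message: a triage check for alerts like those above. It groups Snort alerts by protocol, source address, source port and destination host, then reports any group that touches several distinct destination ports within a short window, which is the pattern a port sweep leaves when it trips port-keyed rules. The thresholds (min_ports, window_s), the year default and the 192.0.2.9 alert are assumptions constructed for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Three alerts from the post plus one constructed alert (192.0.2.9).
SAMPLE = """\
[**] Back Door [**]
01/25-12:49:02.921419 172.16.2.5:56704 -> 172.16.2.6:1999
UDP TTL:58 TOS:0x0 ID:5981
Len: 8

[**] Trojan Cow [**]
01/25-12:49:06.558256 172.16.2.5:56704 -> 172.16.2.6:2001
UDP TTL:58 TOS:0x0 ID:60477
Len: 8

[**] Back Orifice [**]
01/25-12:49:07.915080 172.16.2.5:56704 -> 172.16.2.6:31337
UDP TTL:58 TOS:0x0 ID:8186
Len: 8

[**] Back Orifice [**]
01/25-14:02:11.000001 192.0.2.9:4000 -> 172.16.2.6:31337
UDP TTL:58 TOS:0x0 ID:1
Len: 8
"""

ALERT = re.compile(r"\[\*\*\] (.+?) \[\*\*\]\n(\S+) ([\d.]+):(\d+)"
                   r" -> ([\d.]+):(\d+)\n(\w+) ")

def find_sweeps(text, min_ports=3, window_s=10.0, year=2002):
    """Report flows hitting >= min_ports distinct ports within window_s seconds.
    min_ports, window_s and year (Snort logs no year) are assumed defaults."""
    flows = defaultdict(list)
    for rule, ts, src, sport, dst, dport, proto in ALERT.findall(text):
        when = datetime.strptime(f"{year}/{ts}", "%Y/%m/%d-%H:%M:%S.%f")
        flows[(proto, src, int(sport), dst)].append((when, int(dport), rule))
    sweeps = []
    for flow, events in flows.items():
        events.sort()
        for start, _, _ in events:  # slide the window over each alert time
            hit = [e for e in events if 0 <= (e[0] - start).total_seconds() <= window_s]
            if len({port for _, port, _ in hit}) >= min_ports:
                sweeps.append((flow, sorted({p for _, p, _ in hit}),
                               sorted({r for _, _, r in hit})))
                break  # one finding per flow is enough for triage
    return sweeps

if __name__ == "__main__":
    print(find_sweeps(SAMPLE))
```

Each finding lists the flow, the destination ports touched and the rule names that fired, so a burst of differently named alerts collapses into one line per source socket.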

