Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] Need some help!
On Sat, Jan 05, 2002 at 05:57:18PM +0100, Jochen Kaechelin wrote:
> Can someone analyse this for me:
>
> Jan 5 17:48:16 jochen kernel: Firewall:IN=ppp0 OUT= MAC=
you use a dialin modem (ppp0)
> SRC=131.188.3.220 DST=217.230.13.128 LEN=76 TOS=0x00 PREC=0x00
probably 1und1 account (DST)
there is a packet from (SRC) ntp0-rz.rrze.uni-erlangen.de
> TTL=245 ID=31737 DF PROTO=UDP SPT=123 DPT=123 LEN=56
to your port 123 which is ntp (DTP)
logged/denied.
>
> I'am a newbie and I don't know exactly what it means!
> Is it a attack?
no. (well, could be but *really* unrealistic ;) )
what i think:
you probably setup ntp service (network time protocol) to sync your
clock with uni-erlangen. but forget to allow the packets.
or the 'related' state of the firewall timed out for some reason.
or someone else did, syncing his machine while online, hungup, and you
got his ip on your dialup, receiving packets wich the other one
requested...

but i can of course be wrong.
lars

< Previous Next >
References