Mailinglist Archive: opensuse-security (232 mails)

Re: [suse-security] Strange log entries
  • From: Brad Bendily <brad@xxxxxxxx>
  • Date: Thu, 6 Oct 2005 10:21:56 -0500 (CDT)
  • Message-id: <Pine.LNX.4.44.0510061020050.11719-100000@xxxxxxxxxxxxxxx>


> 211.136.182.106:46312/80 shrinks window 3980592615:3980594075. Repaired.
> Oct 5 19:38:43 linux2 kernel: klogd 1.4.1, ---------- state change
> ----------
> Oct 5 19:38:43 linux2 kernel: Inspecting /boot/System.map-2.4.20-64GB-SMP
> Oct 5 19:38:43 linux2 kernel: Loaded 21295 symbols from
> /boot/System.map-2.4.20-64GB-SMP.
> Oct 5 19:38:43 linux2 kernel: Symbols match kernel version 2.4.20.
> Oct 5 19:38:43 linux2 kernel: Loaded 1624 symbols from 31 modules.
> Oct 5 19:38:44 linux2 kernel: TCP: Treason uncloaked! Peer
> 211.136.182.106:46312/80 shrinks window 3980592615:3980594075. Repaired.
> Oct 5 19:38:46 linux2 kernel: TCP: Treason uncloaked! Peer
> 211.136.182.106:46312/80 shrinks window 3980592615:3980594075. Repaired.
>
>
> Not sure what this means.
>
> When I found these this morning, I went snooping on the system.
> rkhunter and chkrootkit show nothing unusual. I don't see anything
> unusual anywhere except netstat showed a bunch of connects to tcp port
> 22 from 218.103.185.218 in TimeWait state. They went away after I
> restarted NCFTPD (yes, I am using a third-party ftp server) a couple of
> times. Not sure if these are related or if someone was trying a DoS
> attack on ftp.

Port 22 is usually ssh, unless you changed this in your FTP configs?

Port 21 is the standard FTP port.

BB

