
[no subject]



Hi. I'm getting some alerts in my log files, and I'm getting worried.
The logs look something like this:

In /var/log/syslog, I'm getting this:

Apr  8 01:01:37 zeus kernel: DENIED PORT:IN=eth1 OUT= MAC=xyz
SRC=y.y.y.y DST=x.x.x.x. LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=5462 DF
PROTO=TCP SPT=2276 DPT=6001 WINDOW=16384 RES=0x00 SYN URGP=0 

Apr  8 01:01:37 zeus kernel: DENIED PORT:IN=eth1 OUT= MAC=xyz
SRC=y.y.y.y DST=x.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=5465 DF
PROTO=TCP SPT=2279 DPT=12345 WINDOW=16384 RES=0x00 SYN URGP=0 

Apr  8 01:01:37 zeus kernel: DENIED PORT:IN=eth1 OUT= MAC=xyz
SRC=y.y.y.y DST=x.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=5466 DF
PROTO=TCP SPT=2280 DPT=20034 WINDOW=16384 RES=0x00 SYN URGP=0 

Apr  8 01:01:37 zeus kernel: DENIED PORT:IN=eth1 OUT= MAC=xyz
SRC=y.y.y.y DST=x.x.x.x LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=5468 DF
PROTO=TCP SPT=2282 DPT=27374 WINDOW=16384 RES=0x00 SYN URGP=0 

It seems that my firewall is blocking some scans =), but then in my
/var/log/auth.log I get this:

Apr  8 01:08:37 zeus sshd[9972]: warning: /etc/hosts.deny, line 15:
can't verify hostname: gethostbyname(ip.domain.pt) failed
Apr  8 01:08:37 zeus sshd[9972]: refused connect from 212.113.170.192
Apr  8 01:09:06 zeus sshd[1600]: warning: /etc/hosts.deny, line 15:
can't verify hostname: gethostbyname(ip.domain.pt) failed
Apr  8 01:09:06 zeus sshd[1600]: refused connect from 212.113.170.192

Well, what is this attack (I think I can call it that) trying to do?
Thanks in advance,
Ricardo
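
Added example, not part of Ricardo's message: one way to summarise firewall entries like the ones quoted above by source address, re-joining the lines that were wrapped in the mail. The sample log is constructed, the addresses are documentation-range placeholders, and the `min_ports` threshold of 3 is an assumption.

```python
import re
from collections import defaultdict

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")  # syslog timestamp
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")                         # KEY=value pairs
FLAG = re.compile(r"\b(SYN|ACK|FIN|RST|PSH|URG)\b")             # bare TCP flag words

# Constructed sample in the wrapped three-line layout quoted in the message.
TEMPLATE = ("Apr  8 01:01:37 zeus kernel: DENIED PORT:IN=eth1 OUT= MAC=xyz\n"
            "SRC={src} DST=192.0.2.10 LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=5462 DF\n"
            "PROTO=TCP SPT={spt} DPT={dpt} WINDOW=16384 RES=0x00 SYN URGP=0\n\n")
PROBES = [("198.51.100.7", 2276, 6001), ("198.51.100.7", 2279, 12345),
          ("198.51.100.7", 2280, 20034), ("198.51.100.7", 2282, 27374),
          ("203.0.113.5", 40000, 22), ("203.0.113.5", 40001, 22)]
SAMPLE = "".join(TEMPLATE.format(src=s, spt=sp, dpt=dp) for s, sp, dp in PROBES)

def parse_entries(text):
    """Re-join wrapped lines; return one dict of KEY=value fields per kernel entry."""
    chunks = []
    for line in text.splitlines():
        if STAMP.match(line):
            chunks.append(line)                # a timestamp starts a new entry
        elif chunks and line.strip():
            chunks[-1] += " " + line.strip()   # continuation of a wrapped entry
    out = []
    for entry in chunks:
        if " kernel: " not in entry:           # skip sshd and other daemons
            continue
        fields = dict(FIELD.findall(entry))
        fields["FLAGS"] = set(FLAG.findall(entry))
        out.append(fields)
    return out

def scan_suspects(entries, min_ports=3):
    """Map each source to its distinct destination ports when it sent dropped
    SYN-only TCP packets to at least min_ports different ports."""
    ports = defaultdict(set)
    for e in entries:
        if e.get("PROTO") == "TCP" and e["FLAGS"] == {"SYN"} and "SRC" in e and "DPT" in e:
            ports[e["SRC"]].add(int(e["DPT"]))
    return {src: sorted(p) for src, p in ports.items() if len(p) >= min_ports}

if __name__ == "__main__":
    for src, dpts in scan_suspects(parse_entries(SAMPLE)).items():
        print(f"{src}: {len(dpts)} distinct ports probed: {dpts}")
```
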