Re: Strange packets
On Wed, May 12, 1999 at 04:15:03PM +0000, Jochen Wiedmann wrote:
>
> Hi,
>
> one of our machines ("office") was suddenly causing a *real* lot of
> strange traffic, causing quite some costs. Tcpdump showed the

Hi,

I'm a relative beginner with Linux (just 2 years) and I have not been attacked
(with success) yet (I have a good packet filter firewall ;-)

> 13:53:46.171012 office > 62.236.92.1: (frag 35482:1480@38480+)
> 13:53:46.171012 office > 62.236.92.1: (frag 35482:1480@37000+)

It looks bad... (perhaps I am wrong)

You do not explain if "office" is Linux too, or a Windogs machine...

If Linux and there is no connect line in the log file '/var/log/daemon.log',
the attacker may have succeeded in the attack, gotten root and erased "guilty"
entries in the logs...

You seem not to have a firewall; did you restrict access to your services
in "office" with /etc/hosts.allow and /etc/hosts.deny (tcp-wrappers)?

If you were really attacked, take a look at the doc "backdoors" in rootshell
to get an idea of what kind of things you could find in your system...

Best regards,
--
--------------------------------
Manel Marin e-mail: manel3@apdo.com
Linux Powered (Debian 2.0)
--------------------------------
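
An added example, not part of the original posts: a small Python parser for the `(frag id:size@offset+)` notation in the tcpdump lines quoted above, grouping fragments by IP ID to show how large the datagram leaving "office" must be. The third sample line is constructed, and the function and variable names are this example's own.

```python
import re
from collections import defaultdict

# Old tcpdump fragment notation: (frag ID:SIZE@OFFSET[+]), offsets in bytes.
# A trailing '+' means the "more fragments" flag is set.
FRAG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+>\s+(?P<dst>[^:\s]+):.*"
    r"\(frag\s+(?P<id>\d+):(?P<size>\d+)@(?P<off>\d+)(?P<mf>\+?)\)"
)

# The two lines quoted in the thread.
PAGE_LINES = """\
13:53:46.171012 office > 62.236.92.1: (frag 35482:1480@38480+)
13:53:46.171012 office > 62.236.92.1: (frag 35482:1480@37000+)
"""
# Constructed for this example: a final fragment (no '+') of the same datagram.
CONSTRUCTED_FINAL = "13:53:46.171500 office > 62.236.92.1: (frag 35482:520@39960)\n"

def parse_fragments(text):
    """Yield one dict per fragment line; other lines are skipped."""
    for line in text.splitlines():
        m = FRAG_RE.match(line.strip())
        if m:
            yield {
                "src": m["src"], "dst": m["dst"], "id": int(m["id"]),
                "size": int(m["size"]), "off": int(m["off"]), "mf": m["mf"] == "+",
            }

def summarise(text):
    """Group fragments by (src, dst, IP ID) and report what was captured."""
    groups = defaultdict(list)
    for f in parse_fragments(text):
        groups[(f["src"], f["dst"], f["id"])].append(f)
    report = {}
    for key, frags in groups.items():
        report[key] = {
            "fragments": len(frags),
            "bytes_seen": sum(f["size"] for f in frags),
            # The IP payload is at least as long as the furthest byte seen.
            "min_payload": max(f["off"] + f["size"] for f in frags),
            "first_seen": any(f["off"] == 0 for f in frags),
            "final_seen": any(not f["mf"] for f in frags),
        }
    return report

if __name__ == "__main__":
    for key, info in summarise(PAGE_LINES + CONSTRUCTED_FINAL).items():
        print(key, info)
```

Run over a full capture, the per-destination totals show how much of the traffic is large fragmented datagrams and where it is going.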