Since September 24, I have been getting these messages in /var/log/kern.log, and all my console logins (tty1-tty7) are full of these messages:

Sep 25 23:28:50 gate kernel: IN=eth0 OUT=eth0 SRC=172.20.112.1 DST=172.20.113.60 LEN=41 TOS=0x00 PREC=0x00 TTL=63 ID=46529 DF PROTO=TCP SPT=8080 DPT=1060 WINDOW=6432 RES=0x00 ACK PSH URGP=0
Sep 25 23:28:55 gate kernel: IN=eth0 OUT=eth0 SRC=172.20.112.1 DST=172.20.113.60 LEN=41 TOS=0x00 PREC=0x00 TTL=63 ID=56975 DF PROTO=TCP SPT=8080 DPT=1039 WINDOW=6432 RES=0x00 ACK PSH URGP=0
Sep 25 23:28:55 gate kernel: IN=eth0 OUT=eth0 SRC=172.20.112.1 DST=172.20.113.60 LEN=1500 TOS=0x00 PREC=0x00 TTL=63 ID=60232 DF PROTO=TCP SPT=8080 DPT=4244 WINDOW=6432 RES=0x00 ACK URGP=0
Sep 25 23:29:05 gate kernel: IN=eth0 OUT=eth0 SRC=172.20.112.1 DST=172.20.113.60 LEN=41 TOS=0x00 PREC=0x00 TTL=63 ID=2720 DF PROTO=TCP SPT=8080 DPT=1065 WINDOW=6432 RES=0x00 ACK PSH URGP=0
Sep 25 23:29:07 gate kernel: IN=eth0 OUT=eth0 SRC=172.20.112.1 DST=172.20.113.60 LEN=1500 TOS=0x00 PREC=0x00 TTL=63 ID=60233 DF PROTO=TCP SPT=8080 DPT=4244 WINDOW=6432 RES=0x00 ACK URGP=0
Sep 25 23:29:07 gate kernel: IN=eth0 OUT=eth0 SRC=172.20.112.1 DST=172.20.113.60 LEN=41 TOS=0x00 PREC=0x00 TTL=63 ID=52918 DF PROTO=TCP SPT=8080 DPT=4928 WINDOW=6432 RES=0x00 ACK PSH URGP=0
Sep 25 23:29:10 gate kernel: IN=eth0 OUT=eth0 SRC=172.20.112.1 DST=172.20.113.60 LEN=560 TOS=0x00 PREC=0x00 TTL=63 ID=50755 DF PROTO=TCP SPT=8080 DPT=4925 WINDOW=6432 RES=0x00 ACK PSH URGP=0

Those messages will stop when the client (172.20.113.60) is shut down (between 09.00AM and 04PM). But this day I could check that client because his room is locked :-(

I tried

    iptables -I INPUT -s 172.20.113.60 -p all -j DROP

on the gateway computer (172.20.112.1), but I still got those messages. The same goes for the squid computer (172.20.113.180), coz I suspected that it tried to access 8080.

I used Debian 3.0r0, kernel 2.4.18bf.

TIA