Unusual logging
This has been appearing in our kern.log over the last 4 days. Never had a
problem with this particular port before then. Nothing has been changed
(AFAIK) to the system. It's Debian, we never have to touch it :-)
Packet log: input DENY eth0 PROTO=1 yyy.y.yy.yy:3 xxx.xx.xxx.xxx:13 L=56
S=0x00 I=29688 F=0x0000 T=244 (#30)
It's the :13 part that I found unusual, A little research has revealed that
it may be an attempt to fingerprint our system to see what is available. I
was lead to believe that this is the Timeday port. Is this correct ? xxx is
our public IP address. And yyy is the remote IP address that is making the
contact.
Many thanks for any ideas.
Pete Schmidt
Warner Village
################################################################################
This Communication and any files transmitted with it are intended for
the named addressee only, are confidential in nature and may contain
legally privileged information. The copying or distribution of this
communication or any information it contains, by anyone other than the
addressee or the person responsible for delivering this communication
to the intended addressee, is prohibited. If you receive this communication
in error, please advise us by telephone, and then delete the communication.
You will be reimbursed for reasonable costs incurred in notifying us.
Before you open or use any attachments first check them for viruses and defects.
Our liability is limited to resupplying any affected attachments only.
################################################################################
Reply to: