Apr 27 12:06:47 kernel securityalert UDP if=eb1 srcaddr=132.0.0.9 srcport=520 dstaddr=132.0.0.255 dstport=520
Apr 27 12:07:17 kernel securityalert UDP if=eb1 srcaddr=132.0.0.9 srcport=520 dstaddr=132.0.0.255 dstport=520
Apr 27 12:07:47 kernel securityalert UDP if=eb1 srcaddr=132.0.0.9 srcport=520 dstaddr=132.0.0.255 dstport=520
Apr 27 12:08:17 kernel securityalert UDP if=eb1 srcaddr=132.0.0.9 srcport=520 dstaddr=132.0.0.255 dstport=520
Apr 27 12:08:47 kernel securityalert UDP if=eb1 srcaddr=132.0.0.9 srcport=520 dstaddr=132.0.0.255 dstport=520
Apr 27 12:09:18 kernel securityalert UDP if=eb1 srcaddr=132.0.0.9 srcport=520 dstaddr=132.0.0.255 dstport=520
Apr 27 12:09:48 kernel securityalert UDP if=eb1 srcaddr=132.0.0.9 srcport=520 dstaddr=132.0.0.255 dstport=520
Apr 27 12:10:18 kernel securityalert UDP if=eb1 srcaddr=132.0.0.9 srcport=520 dstaddr=132.0.0.255 dstport=520
Apr 27 12:10:41 kernel securityalert UDP if=eb1 srcaddr=a.b.c.d srcport=34188 dstaddr=132.0.0.9 dstport=33437
Apr 27 12:10:44 kernel securityalert UDP if=eb1 srcaddr=a.b.c.d srcport=42010 dstaddr=132.0.0.9 dstport=33438
Apr 27 12:10:47 kernel securityalert UDP if=eb1 srcaddr=a.b.c.d srcport=40156 dstaddr=132.0.0.9 dstport=33439
Apr 27 12:10:48 kernel securityalert UDP if=eb1 srcaddr=132.0.0.9 srcport=520 dstaddr=132.0.0.255 dstport=520
Apr 27 12:10:50 kernel securityalert UDP if=eb1 srcaddr=a.b.c.d srcport=40423 dstaddr=132.0.0.9 dstport=33440
Apr 27 12:10:53 kernel securityalert UDP if=eb1 srcaddr=a.b.c.d srcport=40092 dstaddr=132.0.0.9 dstport=33441
Apr 27 12:10:56 kernel securityalert UDP if=eb1 srcaddr=a.b.c.d srcport=40103 dstaddr=132.0.0.9 dstport=33442
Apr 27 12:10:59 kernel securityalert UDP if=eb1 srcaddr=a.b.c.d srcport=34104 dstaddr=132.0.0.9 dstport=33443
Apr 27 12:11:02 kernel securityalert UDP if=eb1 srcaddr=a.b.c.d srcport=42407 dstaddr=132.0.0.9 dstport=33444
Apr 27 12:11:05 kernel securityalert UDP if=eb1 srcaddr=a.b.c.d srcport=38351 dstaddr=132.0.0.9 dstport=33445
Apr 27 12:11:08 kernel securityalert UDP if=eb1 srcaddr=a.b.c.d srcport=34613 dstaddr=132.0.0.9 dstport=33446
Apr 27 12:11:11 kernel securityalert UDP if=eb1 srcaddr=a.b.c.d srcport=39591 dstaddr=132.0.0.9 dstport=33447
Apr 27 12:11:14 kernel securityalert UDP if=eb1 srcaddr=a.b.c.d srcport=39538 dstaddr=132.0.0.9 dstport=33448
Apr 27 12:11:17 kernel securityalert UDP if=eb1 srcaddr=a.b.c.d srcport=36851 dstaddr=132.0.0.9 dstport=33449
Apr 27 12:11:18 kernel securityalert UDP if=eb1 srcaddr=132.0.0.9 srcport=520 dstaddr=132.0.0.255 dstport=520
Apr 27 12:11:20 kernel securityalert UDP if=eb1 srcaddr=a.b.c.d srcport=42209 dstaddr=132.0.0.9 dstport=33450
Apr 27 12:11:23 kernel securityalert UDP if=eb1 srcaddr=a.b.c.d srcport=36268 dstaddr=132.0.0.9 dstport=33451
Apr 27 12:11:26 kernel securityalert UDP if=eb1 srcaddr=a.b.c.d srcport=41206 dstaddr=132.0.0.9 dstport=33452
Apr 27 12:11:29 kernel securityalert UDP if=eb1 srcaddr=a.b.c.d srcport=35181 dstaddr=132.0.0.9 dstport=33453
Apr 27 12:11:32 kernel securityalert UDP if=eb1 srcaddr=a.b.c.d srcport=42220 dstaddr=132.0.0.9 dstport=33454
Apr 27 12:11:35 kernel securityalert UDP if=eb1 srcaddr=a.b.c.d srcport=41827 dstaddr=132.0.0.9 dstport=33455
Apr 27 12:11:38 kernel securityalert UDP if=eb1 srcaddr=a.b.c.d srcport=38915 dstaddr=132.0.0.9 dstport=33456

Trying to figure out what this traffic is. 132.0.0.9 and 132.0.0.255 do not seem to exist. An ARIN lookup shows these IPs not being assigned to any specific netblock. The port 520 in the first portion of the logs shows some type of router communications. a.b.c.d is my net's add. In the second part of the add, it looks like I am initiating the traffic. The consecutive dest ports show some type of scan. What I don't understand is that 132.0.0.0 is not on my network, so why is it showing up in my logs? Does it look like some sort of amplified attack using my site as the amplifier? Any suggestions? Help!

Cheers,
Eric
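A defender's triage of the log format in the post above, as an added example that is not part of the original message: it separates flows that repeat on fixed ports at a steady interval (UDP 520 is the RIP port, and RIP routers broadcast updates every 30 seconds) from flows whose destination port climbs by one per packet (the pattern UDP traceroute probes produce, counting up from base port 33434). Function names and thresholds are illustrative assumptions.

```python
import re
from collections import defaultdict

# Excerpt of the log lines in the post (a.b.c.d is the poster's own placeholder).
SAMPLE = """\
Apr 27 12:10:18 kernel securityalert UDP if=eb1 srcaddr=132.0.0.9 srcport=520 dstaddr=132.0.0.255 dstport=520
Apr 27 12:10:41 kernel securityalert UDP if=eb1 srcaddr=a.b.c.d srcport=34188 dstaddr=132.0.0.9 dstport=33437
Apr 27 12:10:44 kernel securityalert UDP if=eb1 srcaddr=a.b.c.d srcport=42010 dstaddr=132.0.0.9 dstport=33438
Apr 27 12:10:47 kernel securityalert UDP if=eb1 srcaddr=a.b.c.d srcport=40156 dstaddr=132.0.0.9 dstport=33439
Apr 27 12:10:48 kernel securityalert UDP if=eb1 srcaddr=132.0.0.9 srcport=520 dstaddr=132.0.0.255 dstport=520
Apr 27 12:10:50 kernel securityalert UDP if=eb1 srcaddr=a.b.c.d srcport=40423 dstaddr=132.0.0.9 dstport=33440
Apr 27 12:11:18 kernel securityalert UDP if=eb1 srcaddr=132.0.0.9 srcport=520 dstaddr=132.0.0.255 dstport=520
"""

LINE_RE = re.compile(
    r"\w{3}\s+\d+ (\d\d):(\d\d):(\d\d) kernel securityalert (\w+) if=\S+ "
    r"srcaddr=(\S+) srcport=(\d+) dstaddr=(\S+) dstport=(\d+)")

def parse_log(text):
    """Group entries by (proto, src, dst) -> [(seconds_of_day, srcport, dstport)]."""
    flows = defaultdict(list)
    for m in LINE_RE.finditer(text):  # finditer also copes with entries run together on one line
        h, mi, s, proto, src, sport, dst, dport = m.groups()
        flows[(proto, src, dst)].append(
            (int(h) * 3600 + int(mi) * 60 + int(s), int(sport), int(dport)))
    return flows

def sequential_runs(flows, min_len=3):
    """Flows whose destination port rises by exactly 1 per packet."""
    hits = []
    for (_, src, dst), pkts in flows.items():
        ports = [p[2] for p in pkts]
        if len(ports) >= min_len and all(b - a == 1 for a, b in zip(ports, ports[1:])):
            hits.append((src, dst, ports[0], ports[-1]))
    return hits

def periodic_flows(flows, min_len=3, jitter=2):
    """Flows with fixed ports repeating at a near-constant interval (seconds)."""
    hits = []
    for (_, src, dst), pkts in flows.items():
        gaps = [b[0] - a[0] for a, b in zip(pkts, pkts[1:])]
        fixed = len({(p[1], p[2]) for p in pkts}) == 1
        if len(pkts) >= min_len and fixed and max(gaps) - min(gaps) <= jitter:
            hits.append((src, dst, pkts[0][2], sum(gaps) / len(gaps)))
    return hits

if __name__ == "__main__":
    flows = parse_log(SAMPLE)
    print(sequential_runs(flows), periodic_flows(flows))
```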
This archive was generated by hypermail 2b30 : Mon Apr 30 2001 - 09:30:35 PDT