a lot of spoofed traffic for port 8, does anybody recon this?

From: Mikael Fors (mfat_private)
Date: Wed May 09 2001 - 01:54:00 PDT


    For the last 24 hours I've been receiving a lot of strange packets on my public interface. The log has been sanitized.
    
    May  9 10:03:36 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.22.2:0 L=60 S=0x00 I=29112 F=0x0000 T=126 (#24)
    May  9 10:03:36 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.22.2:0 L=60 S=0x00 I=29113 F=0x0000 T=127 (#24)
    May  9 10:03:39 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.22.2:0 L=60 S=0x00 I=29117 F=0x0000 T=127 (#24)
    May  9 10:04:06 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.5.1:0 L=60 S=0x00 I=29177 F=0x0000 T=126 (#24)
    May  9 10:04:06 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.5.1:0 L=60 S=0x00 I=29178 F=0x0000 T=127 (#24)
    May  9 10:04:09 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.5.1:0 L=60 S=0x00 I=29185 F=0x0000 T=127 (#24)
    May  9 10:04:33 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.255.1:0 L=60 S=0x00 I=29235 F=0x0000 T=126 (#24)
    May  9 10:04:33 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.255.1:0 L=60 S=0x00 I=29236 F=0x0000 T=127 (#24)
    May  9 10:04:36 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.255.1:0 L=60 S=0x00 I=29243 F=0x0000 T=127 (#24)
    
    These packets started trickling in here about 48 hours ago, and I have no clue what it can be. What resides on port 8 and why ICMP??? All of these packets arrive on the public interface and contain private networks, mostly 192.168.x.x networks, but 172.x.x.x networks also show up.
    
    Mikael Fors
    Mora Datorer AB
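
An added example, not part of the original post: in ipchains packet logs a `PROTO=1` entry is ICMP, and the two "port" fields carry the ICMP type and code, so `a.b.c.d:8 ...:0` reads as type 8 (echo request), code 0. The Python sketch below parses such lines and counts ICMP entries that involve RFC 1918 addresses; the function names are hypothetical, and the sample input is two lines from the log above plus one constructed TCP line.

```python
import ipaddress
import re
from collections import Counter

# ipchains layout: chain, action, interface, PROTO, src:port, dst:port, ..., T=ttl
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>\S+):(?P<sport>\d+) (?P<dst>\S+):(?P<dport>\d+) .*?T=(?P<ttl>\d+)")
ICMP_TYPES = {0: "echo-reply", 3: "dest-unreachable", 8: "echo-request", 11: "time-exceeded"}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr):
    """True for RFC 1918 addresses; sanitized values such as a.b.c.d yield False."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)

def parse_line(line):
    """Return a dict for one ipchains log line, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "ttl"):
        rec[key] = int(rec[key])
    if rec["proto"] == 1:  # ICMP: the "ports" are really type and code
        rec["icmp_type"] = ICMP_TYPES.get(rec["sport"], "type-%d" % rec["sport"])
        rec["icmp_code"] = rec["dport"]
    rec["private_src"] = is_rfc1918(rec["src"])
    rec["private_dst"] = is_rfc1918(rec["dst"])
    return rec

def summarize(lines):
    """Count ICMP entries touching RFC 1918 space, keyed by (type, src, dst)."""
    counts = Counter()
    for rec in filter(None, map(parse_line, lines)):
        if rec["proto"] == 1 and (rec["private_src"] or rec["private_dst"]):
            counts[(rec["icmp_type"], rec["src"], rec["dst"])] += 1
    return counts

# First two lines are from the log above; the third (TCP) line is constructed.
SAMPLE = [
    "May  9 10:03:36 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.22.2:0 L=60 S=0x00 I=29112 F=0x0000 T=126 (#24)",
    "May  9 10:04:06 gator kernel: Packet log: eth0o REJECT eth0 PROTO=1 a.b.c.d:8 192.168.5.1:0 L=60 S=0x00 I=29177 F=0x0000 T=126 (#24)",
    "May  9 10:05:00 gator kernel: Packet log: eth0o REJECT eth0 PROTO=6 a.b.c.d:1042 192.168.5.1:80 L=60 S=0x00 I=29300 F=0x4000 T=60 (#24)",
]

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```

Only 172.16.0.0/12 is private address space, so a 172.x.x.x address outside that range is not flagged by `is_rfc1918`.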
    


