Strange Scans (dst host == dst port)

From: Scott Nursten (scott.nurstenat_private)
Date: Thu Aug 23 2001 - 02:39:12 PDT


    Hey guys, 
    
    Been seeing this in my logs for a few days now. Haven't really had the time to go hunting for it, so if it's been covered in a previous post, please just send details of the posts - not flames :))
    
    The obfuscated x.x (source) addresses are all in the same /16. The a.b.c (dest) addresses are all in the same /24.
    The time between the packets seems to be somewhat random, and the machines are not evenly spread across the /16. Any ideas....?
    
    
    ---------snip---------
     Aug 22 20:48:57 edge1-th.my.tld 1449591: %SEC-6-IPACCESSLOGP: list x denied tcp x.x.131.34(14414) -> a.b.c.239(239), 1 packet
     Aug 22 22:03:27 edge1-th.my.tld 1449733: %SEC-6-IPACCESSLOGP: list x denied tcp x.x.131.34(15135) -> a.b.c.186(186), 1 packet
     Aug 22 23:24:41 edge1-th.my.tld 1449887: %SEC-6-IPACCESSLOGP: list x denied tcp x.x.82.98(63046) -> a.b.c.254(254), 1 packet
     Aug 22 23:28:09 edge1-th.my.tld 1449895: %SEC-6-IPACCESSLOGP: list x denied tcp x.x.82.98(60647) -> a.b.c.254(254), 1 packet
     Aug 22 23:38:10 edge1-th.my.tld 1449914: %SEC-6-IPACCESSLOGP: list x denied tcp x.x.82.98(9935) -> a.b.c.254(254), 1 packet
     Aug 23 00:18:41 edge1-th.my.tld 1449975: %SEC-6-IPACCESSLOGP: list x denied tcp x.x.21.89(20700) -> a.b.c.149(149), 1 packet
     Aug 23 00:23:57 edge1-th.my.tld 1449983: %SEC-6-IPACCESSLOGP: list x denied tcp x.x.21.89(56494) -> a.b.c.150(150), 1 packet
     Aug 23 00:24:40 edge1-th.my.tld 1449984: %SEC-6-IPACCESSLOGP: list x denied tcp x.x.21.89(55292) -> a.b.c.150(150), 1 packet
     Aug 23 00:27:03 edge1-th.my.tld 1449988: %SEC-6-IPACCESSLOGP: list x denied tcp x.x.21.89(1282) -> a.b.c.149(149), 1 packet
     Aug 23 00:28:23 edge1-th.my.tld 1449994: %SEC-6-IPACCESSLOGP: list x denied tcp x.x.21.89(3296) -> a.b.c.149(149), 1 packet
     Aug 23 00:28:57 edge1-th.my.tld 1449995: %SEC-6-IPACCESSLOGP: list x denied tcp x.x.21.89(11821) -> a.b.c.150(150), 1 packet
     Aug 23 02:31:29 edge1-th.my.tld 1450210: %SEC-6-IPACCESSLOGP: list x denied tcp x.x.132.190(5729) -> a.b.c.203(203), 1 packet
     Aug 23 03:39:43 edge1-th.my.tld 1450321: %SEC-6-IPACCESSLOGP: list x denied tcp x.x.131.34(28778) -> a.b.c.125(125), 1 packet
     Aug 23 04:34:18 edge1-th.my.tld 1450410: %SEC-6-IPACCESSLOGP: list x denied tcp x.x.131.34(29740) -> a.b.c.130(130), 1 packet
     Aug 23 04:48:19 edge1-th.my.tld 1450435: %SEC-6-IPACCESSLOGP: list x denied tcp x.x.131.34(20144) -> a.b.c.222(222), 1 packet
     Aug 23 06:39:32 edge1-th.my.tld 1450618: %SEC-6-IPACCESSLOGP: list x denied tcp x.x.86.200(32901) -> a.b.c.179(179), 1 packet
     Aug 23 08:15:22 edge1-th.my.tld 1450770: %SEC-6-IPACCESSLOGP: list x denied tcp x.x.131.34(52323) -> a.b.c.226(226), 1 packet
    ---------snip---------
    
    
    -- 
    
    Scott Nursten - Systems Administrator
    ----------------------------------------------
    ddi:   +44 (0) 1293 744 122
    work:  +44 (0) 1293 402 040
    fax:   +44 (0) 1293 402 050
    email: scottnat_private
    wwweb: http://www.streetsonline.co.uk
    ----------------------------------------------
    
    		Any sufficiently advanced technology is indistinguishable from magic.
    					Arthur C. Clarke
    
    		Any technology distinguishable from magic is insufficiently advanced.
    			 (Probably not) Arthur C. Clarke
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Thu Aug 23 2001 - 10:51:22 PDT
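
The pattern in the quoted log (destination port equal to the last octet of the destination address) can be picked out mechanically. The following is an added example, not part of the original post: it parses the `%SEC-6-IPACCESSLOGP` lines in the format shown above and lists sources that hit several hosts this way. The function names, the `min_targets` threshold and the final control line are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Cisco IOS ACL log line as quoted in the post. Octets may be obfuscated
# letters (x.x.131.34, a.b.c.239), so address fields accept word characters.
LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOGP: list \S+ (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\w.]+)\((?P<sport>\d+)\) -> (?P<dst>[\w.]+)\((?P<dport>\d+)\)"
)

def parse(line):
    """Return a dict for an IPACCESSLOGP line, or None if it does not match."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    ev = m.groupdict()
    ev["sport"], ev["dport"] = int(ev["sport"]), int(ev["dport"])
    return ev

def octet_equals_port(ev):
    """True when the destination port equals the last octet of the destination IP."""
    last = ev["dst"].rsplit(".", 1)[-1]
    return last.isdigit() and int(last) == ev["dport"]

def summarize(lines):
    """Per source address: denied packets seen, and (dst, port) pairs that match."""
    stats = defaultdict(lambda: {"denied": 0, "hits": set()})
    for line in lines:
        ev = parse(line)
        if ev is None or ev["action"] != "denied":
            continue
        stats[ev["src"]]["denied"] += 1
        if octet_equals_port(ev):
            stats[ev["src"]]["hits"].add((ev["dst"], ev["dport"]))
    return dict(stats)

def repeat_sources(lines, min_targets=2):
    """Sources that hit at least min_targets distinct hosts with port == last octet."""
    return sorted(s for s, v in summarize(lines).items() if len(v["hits"]) >= min_targets)

# First five lines are copied from the post; the last one is constructed as a control.
SAMPLE = [
    "Aug 22 20:48:57 edge1-th.my.tld 1449591: %SEC-6-IPACCESSLOGP: list x denied tcp x.x.131.34(14414) -> a.b.c.239(239), 1 packet",
    "Aug 22 22:03:27 edge1-th.my.tld 1449733: %SEC-6-IPACCESSLOGP: list x denied tcp x.x.131.34(15135) -> a.b.c.186(186), 1 packet",
    "Aug 22 23:24:41 edge1-th.my.tld 1449887: %SEC-6-IPACCESSLOGP: list x denied tcp x.x.82.98(63046) -> a.b.c.254(254), 1 packet",
    "Aug 23 00:18:41 edge1-th.my.tld 1449975: %SEC-6-IPACCESSLOGP: list x denied tcp x.x.21.89(20700) -> a.b.c.149(149), 1 packet",
    "Aug 23 00:23:57 edge1-th.my.tld 1449983: %SEC-6-IPACCESSLOGP: list x denied tcp x.x.21.89(56494) -> a.b.c.150(150), 1 packet",
    "Aug 23 09:00:00 edge1-th.my.tld 1450800: %SEC-6-IPACCESSLOGP: list x denied tcp x.x.9.9(40000) -> a.b.c.10(80), 1 packet",
]
```

A random destination port would equal the last octet only about once in 65,536 packets, so even a single match per source is unlikely to be coincidence; the threshold only separates repeat sources from one-off hits.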