I am attaching log files which show two days of attack and then an IP Spoof. Is this an indication of a successful access of our Red Hat 7.1 Linux machine? The Firewall manufacturer (SonicWall) says no, but I am not sure of that. The MAC address is our Linux box. On the IP Spoof, neither Source nor Destination are on our LAN.

10/20/2001 08:12:46.160 - Possible Port Scan - Source:209.195.200.206, 53744, WAN - Destination:208.26.184.xxx, 5579, LAN - -
10/20/2001 08:12:58.304 - Striker Attack Dropped - Source:209.195.200.206, 55387, WAN - Destination:208.26.184.xxx, 2565, WAN - -
10/20/2001 08:13:00.368 - Sub Seven Attack Dropped - Source:209.195.200.206, 55653, WAN - Destination:208.26.184.xxx, 1243, WAN - -
10/20/2001 08:13:06.592 - Ini Killer Attack Dropped - Source:209.195.200.206, 56491, WAN - Destination:208.26.184.xxx, 9989, WAN - -
10/20/2001 08:13:32.208 - Ripper Attack Dropped - Source:209.195.200.206, 59280, WAN - Destination:208.26.184.xxx, 2023, WAN - -
10/20/2001 08:14:38.816 - Net Spy Attack Dropped - Source:209.195.200.206, 65247, WAN - Destination:208.26.184.xxx, 1024, WAN - -
10/21/2001 06:44:32.640 - Probable Port Scan - Source:202.219.52.137, 3162, WAN - Destination:208.26.184.xxx, 908, LAN - -
10/21/2001 06:45:29.288 - Sub Seven Attack Dropped - Source:202.219.52.137, 3619, WAN - Destination:208.26.184.xxx, 6711, WAN - -
10/21/2001 06:45:30.000 - Ripper Attack Dropped - Source:202.219.52.137, 3764, WAN - Destination:208.26.184.xxx, 2023, WAN - -
10/21/2001 06:45:40.400 - Striker Attack Dropped - Source:202.219.52.137, 1841, WAN - Destination:208.26.184.xxx, 2565, WAN - -
10/21/2001 06:45:41.176 - Net Spy Attack Dropped - Source:202.219.52.137, 2002, WAN - Destination:208.26.184.xxx, 1024, WAN - -
10/21/2001 06:45:43.176 - Ini Killer Attack Dropped - Source:202.219.52.137, 2438, WAN - Destination:208.26.184.xxx, 9989, WAN - -
10/21/2001 06:48:15.352 - Back Orifice Attack Dropped - Source:202.219.52.137, 2220, WAN - Destination:208.26.184.xxx, 31337, WAN - -
10/21/2001 06:48:44.032 - NetBus Attack Dropped - Source:202.219.52.137, 4238, WAN - Destination:208.26.184.xxx, 12345, WAN - -
10/21/2001 06:49:14.368 - Priority Attack Dropped - Source:202.219.52.137, 2770, WAN - Destination:208.26.184.xxx, 16969, WAN - -
10/21/2001 07:38:20.544 - IP spoof detected - Source:194.153.255.99, 8, LAN - Destination:192.117.189.191, 8, WAN - MAC address: 00.06.5B.1A.1E.EB -

Paul

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
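Added example, not part of Paul's message and not SonicWall's own tooling: a small Python triage script that splits the log above into WAN-sourced probes grouped per source address and LAN-sourced spoof alerts with the MAC address to trace. The field layout in the regular expression is inferred from the entries in the post and is an assumption, as are the function names.

```python
import re
from collections import defaultdict

# Seven entries copied from the post above (the destination's last octet is masked there).
SAMPLE = """\
10/20/2001 08:12:46.160 - Possible Port Scan - Source:209.195.200.206, 53744, WAN - Destination:208.26.184.xxx, 5579, LAN - -
10/20/2001 08:12:58.304 - Striker Attack Dropped - Source:209.195.200.206, 55387, WAN - Destination:208.26.184.xxx, 2565, WAN - -
10/20/2001 08:13:00.368 - Sub Seven Attack Dropped - Source:209.195.200.206, 55653, WAN - Destination:208.26.184.xxx, 1243, WAN - -
10/21/2001 06:44:32.640 - Probable Port Scan - Source:202.219.52.137, 3162, WAN - Destination:208.26.184.xxx, 908, LAN - -
10/21/2001 06:45:29.288 - Sub Seven Attack Dropped - Source:202.219.52.137, 3619, WAN - Destination:208.26.184.xxx, 6711, WAN - -
10/21/2001 06:48:15.352 - Back Orifice Attack Dropped - Source:202.219.52.137, 2220, WAN - Destination:208.26.184.xxx, 31337, WAN - -
10/21/2001 07:38:20.544 - IP spoof detected - Source:194.153.255.99, 8, LAN - Destination:192.117.189.191, 8, WAN - MAC address: 00.06.5B.1A.1E.EB -
"""

# Layout inferred from the entries above: timestamp - message - Source:ip, num, iface
# - Destination:ip, num, iface - optional "MAC address: ..." field.
ENTRY = re.compile(
    r"(?P<ts>\d\d/\d\d/\d{4} \d\d:\d\d:\d\d\.\d{3}) - (?P<msg>.+?) - "
    r"Source:(?P<src>[\d.]+), (?P<sport>\d+), (?P<sif>\w+) - "
    r"Destination:(?P<dst>[\w.]+), (?P<dport>\d+), (?P<dif>\w+) - "
    r"(?:MAC address: (?P<mac>[0-9A-Fa-f.]+))?"
)

def parse(text):
    """Return one dict per log entry; also works on entries run together on one line."""
    return [m.groupdict() for m in ENTRY.finditer(text)]

def summarize(entries):
    """Split entries into WAN-sourced probes (per source) and LAN-sourced spoof alerts."""
    inbound = defaultdict(lambda: {"ports": set(), "dropped": 0, "not_dropped": []})
    lan_spoof = []
    for e in entries:
        if e["sif"] == "WAN":
            s = inbound[e["src"]]
            s["ports"].add(int(e["dport"]))
            if e["msg"].endswith("Dropped"):
                s["dropped"] += 1
            else:  # e.g. scan notices, which do not say the packet was dropped
                s["not_dropped"].append(e["msg"])
        elif "spoof" in e["msg"].lower():
            # Seen on the LAN interface: the MAC identifies the sending host.
            lan_spoof.append((e["ts"], e["src"], e["dst"], e["mac"]))
    return dict(inbound), lan_spoof

if __name__ == "__main__":
    inbound, lan_spoof = summarize(parse(SAMPLE))
    for src, s in inbound.items():
        print(src, sorted(s["ports"]), "dropped:", s["dropped"], "other:", s["not_dropped"])
    for alert in lan_spoof:
        print("LAN-side spoof alert:", alert)
```

The per-source port list shows what each scanner probed for, and the LAN-side list isolates the one entry that originated inside the firewall, which is the entry the question is about.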
This archive was generated by hypermail 2b30 : Wed Oct 24 2001 - 16:00:03 PDT