Security Question

From: Paul Speck (paul.speckat_private)
Date: Wed Oct 24 2001 - 15:57:30 PDT


    I am attaching log files which show two days of attack and then an IP Spoof.
    Is this an indication of a successful access of our Red Hat 7.1 Linux
    machine?  The Firewall manufacturer (SonicWall) says no, but I am not sure of
    that.  The MAC address is our Linux box.  On the IP Spoof, neither Source
    nor Destination is on our LAN.
      
    
    10/20/2001 08:12:46.160 - Possible Port Scan - Source:209.195.200.206,
    53744, WAN - Destination:208.26.184.xxx, 5579, LAN - - 
    
    10/20/2001 08:12:58.304 - Striker Attack Dropped - Source:209.195.200.206,
    55387, WAN - Destination:208.26.184.xxx, 2565, WAN - - 
    
    10/20/2001 08:13:00.368 - Sub Seven Attack Dropped - Source:209.195.200.206,
    55653, WAN - Destination:208.26.184.xxx, 1243, WAN - - 
    
    10/20/2001 08:13:06.592 - Ini Killer Attack Dropped -
    Source:209.195.200.206, 56491, WAN - Destination:208.26.184.xxx, 9989, WAN -
    - 
    
    10/20/2001 08:13:32.208 - Ripper Attack Dropped - Source:209.195.200.206,
    59280, WAN - Destination:208.26.184.xxx, 2023, WAN - - 
    
    10/20/2001 08:14:38.816 - Net Spy Attack Dropped - Source:209.195.200.206,
    65247, WAN - Destination:208.26.184.xxx, 1024, WAN - -
    
    
    10/21/2001 06:44:32.640 - Probable Port Scan - Source:202.219.52.137, 3162,
    WAN - Destination:208.26.184.xxx, 908, LAN - - 
    
    10/21/2001 06:45:29.288 - Sub Seven Attack Dropped - Source:202.219.52.137,
    3619, WAN - Destination:208.26.184.xxx, 6711, WAN - - 
    
    10/21/2001 06:45:30.000 - Ripper Attack Dropped - Source:202.219.52.137,
    3764, WAN - Destination:208.26.184.xxx, 2023, WAN - - 
    
    10/21/2001 06:45:40.400 - Striker Attack Dropped - Source:202.219.52.137,
    1841, WAN - Destination:208.26.184.xxx, 2565, WAN - - 
    
    10/21/2001 06:45:41.176 - Net Spy Attack Dropped - Source:202.219.52.137,
    2002, WAN - Destination:208.26.184.xxx, 1024, WAN - - 
    
    10/21/2001 06:45:43.176 - Ini Killer Attack Dropped - Source:202.219.52.137,
    2438, WAN - Destination:208.26.184.xxx, 9989, WAN - - 
    
    10/21/2001 06:48:15.352 - Back Orifice Attack Dropped -
    Source:202.219.52.137, 2220, WAN - Destination:208.26.184.xxx, 31337, WAN -
    - 
    
    10/21/2001 06:48:44.032 - NetBus Attack Dropped - Source:202.219.52.137,
    4238, WAN - Destination:208.26.184.xxx, 12345, WAN - - 
    
    10/21/2001 06:49:14.368 - Priority Attack Dropped - Source:202.219.52.137,
    2770, WAN - Destination:208.26.184.xxx, 16969, WAN - - 
    
    10/21/2001 07:38:20.544 - IP spoof detected - Source:194.153.255.99, 8, LAN
    - Destination:192.117.189.191, 8, WAN - MAC address: 00.06.5B.1A.1E.EB - 
    
    Paul
     
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
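
One way to triage entries in the log format quoted above: rejoin the wrapped lines, summarise per source which probes were logged as dropped and which were not, and pull out the IP spoof entry with its MAC. This is an added example, not part of the original post or of any SonicWall tooling; the /24 used for the LAN and the function names are assumptions.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: the masked 208.26.184.xxx hosts in the post sit in this /24.
LAN_NET = ip_network("208.26.184.0/24")
ENTRY = re.compile(
    r"(?P<ts>\d\d/\d\d/\d{4} [\d:.]+) - (?P<event>.+?) - "
    r"Source:(?P<src>[\d.]+), (?P<sport>\d+), (?P<szone>\w+) - "
    r"Destination:(?P<dst>[\dx.]+), (?P<dport>\d+), (?P<dzone>\w+)"
    r"(?: - MAC address: (?P<mac>[0-9A-Fa-f.]+))?")

# Four entries copied from the post, mail-client line wrapping preserved.
SAMPLE = """\
10/20/2001 08:12:46.160 - Possible Port Scan - Source:209.195.200.206,
53744, WAN - Destination:208.26.184.xxx, 5579, LAN - -
10/20/2001 08:13:06.592 - Ini Killer Attack Dropped -
Source:209.195.200.206, 56491, WAN - Destination:208.26.184.xxx, 9989, WAN -
-
10/21/2001 06:45:29.288 - Sub Seven Attack Dropped - Source:202.219.52.137,
3619, WAN - Destination:208.26.184.xxx, 6711, WAN - -
10/21/2001 07:38:20.544 - IP spoof detected - Source:194.153.255.99, 8, LAN
- Destination:192.117.189.191, 8, WAN - MAC address: 00.06.5B.1A.1E.EB -
"""

def parse(log_text):
    """Undo the line wrapping, then pull out every entry as a dict."""
    return [m.groupdict() for m in ENTRY.finditer(" ".join(log_text.split()))]

def triage(entries):
    """Return (per-source summary, spoof alerts) for parsed entries."""
    by_src = defaultdict(lambda: {"dropped": 0, "not_dropped": [], "ports": set()})
    spoofs = []
    for e in entries:
        if e["event"].lower().startswith("ip spoof"):
            # Keep the MAC and note whether the source fits the assumed LAN range.
            spoofs.append({**e, "src_in_lan": ip_address(e["src"]) in LAN_NET})
            continue
        s = by_src[e["src"]]
        s["ports"].add(int(e["dport"]))
        if e["event"].endswith("Dropped"):
            s["dropped"] += 1
        else:
            s["not_dropped"].append((e["ts"], e["event"], e["dzone"]))
    return dict(by_src), spoofs

if __name__ == "__main__":
    summary, spoofs = triage(parse(SAMPLE))
    print(summary)
    print(spoofs)
```

Entries listed under `not_dropped` and any spoof alert whose `szone` is LAN are the ones to correlate with the host's own logs for the same timestamps.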
    



    This archive was generated by hypermail 2b30 : Wed Oct 24 2001 - 16:00:03 PDT