I am curious as to what this might be, I am seeing hits in my iptables logs after visiting certain websites.. mainly Oct 29 09:26:15 stealth kernel: IN=eth0 OUT= MAC= "long number" SRC=64.28.67.70 DST=my.adr.xxx.xxx LEN=56 TOS=0x00 PREC=0x00 TTL=46 ID=16970 DF PROTO=TCP SPT=80 DPT=33270 WINDOW=15180 RES=0x00 ACK SYN URGP=0 This is netbsd.org Oct 30 11:35:47 stealth kernel: IN=eth0 OUT= MAC= "long number" SRC=64.58.76.98 DST=my.adr.xxx.xxx LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=9741 DF PROTO=TCP SPT=443 DPT=33270 WINDOW=16560 RES=0x00 ACK SYN URGP=0 This is yahoo groups. Oct 31 09:01:41 stealth kernel: IN=eth0 OUT= MAC= "long number" SRC=204.152.186.171 DST=my.adr.xxx.xxx LEN=56 TOS=0x00 PREC=0x00 TTL=51 ID=23555 PROTO=TCP SPT=80 DPT=33270 WINDOW=32768 RES=0x00 ACK SYN URGP=0 This is mysql.org Always 5 hits and I cant tell you how long after. I have checked port 33270 trinity on my machine and the local subnet for the trinity ddos with nothing found. Is this just a false negative or am I seeing something more ominous.... Cheers for any inforamtion re-assurance -- Bradley Filmer Looking for paranoia in all the right places ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Oct 31 2001 - 08:28:02 PST