weird packets.. anyone?

From: Vlad (tmd@tmd.df.ru)
Date: 08/02/01


Date: Thu, 2 Aug 2001 16:41:10 -0400
From: Vlad <tmd@tmd.df.ru>
To: freebsd-security@freebsd.org

I've got this today in my logs:

Aug 2 12:51:32 tmd ipmon[35772]: 12:51:31.270526 ed0 @0:5 b 0.0.0.0,68 -> 255.255.255.255,67 PR udp len 20 328 IN
Aug 2 12:57:54 tmd ipmon[35772]: 12:52:34.606148 3x ed0 @0:5 b 169.254.179.233,137 -> 169.254.255.255,137 PR udp len 20 96

and a connection to 138.

Each connection was followed by the following entries in the log:

Aug 2 13:33:39 tmd /kernel: Connection attempt to UDP 24.43.202.10:1931 from 24.2.9.35:53
Aug 2 13:33:39 tmd /kernel: Connection attempt to UDP 24.43.202.10:1934 from 24.2.9.33:53
Aug 2 13:33:39 tmd /kernel: Connection attempt to UDP 24.43.202.10:1940 from 24.2.9.33:53
Aug 2 13:33:52 tmd /kernel: Connection attempt to UDP 24.43.202.10:1939 from 24.2.9.35:53
Aug 2 13:33:52 tmd /kernel: Connection attempt to UDP 24.43.202.10:1942 from 24.2.9.33:53
Aug 2 13:33:52 tmd /kernel: Connection attempt to UDP 24.43.202.10:1941 from 24.2.9.35:53
Aug 2 13:34:06 tmd /kernel: Connection attempt to UDP 24.43.202.10:1943 from 24.2.9.35:53
Aug 2 13:34:09 tmd /kernel: Connection attempt to UDP 24.43.202.10:1944 from 24.2.9.33:53
Aug 2 13:34:39 tmd /kernel: Connection attempt to UDP 24.43.202.10:1945 from 24.2.9.35:53
Aug 2 13:34:52 tmd /kernel: Connection attempt to UDP 24.43.202.10:1950 from 24.2.9.33:53
Aug 2 13:35:00 tmd /kernel: Connection attempt to UDP 24.43.202.10:1952 from 24.2.9.33:53
Aug 2 13:35:00 tmd /kernel: Connection attempt to UDP 24.43.202.10:1951 from 24.2.9.35:53
Aug 2 13:35:09 tmd /kernel: Connection attempt to UDP 24.43.202.10:1954 from 24.2.9.33:53
Aug 2 13:35:39 tmd /kernel: Connection attempt to UDP 24.43.202.10:1953 from 24.2.9.35:53
Aug 2 13:35:39 tmd /kernel: Connection attempt to UDP 24.43.202.10:1955 from 24.2.9.35:53
Aug 2 13:35:39 tmd /kernel: Connection attempt to UDP 24.43.202.10:1956 from 24.2.9.33:53

and then repeated..

24.32.202.10 - my ip
24.2.9.33 - primary DNS of my ISP

does anyone have any idea what this is?

please answer to e-mail if possible..

thanks!



