Strange Packet logs in ipchains

From: Sam Dirk (samdirk@online.ie)
Date: 03/25/03

Next message: David M. Fetter: "Re: Linux/windows remote authentication"

Previous message: Debbie Torri: "Security Approval Process"
Next in thread: Paris Stone: "Re: Strange Packet logs in ipchains"
Maybe reply: Paris Stone: "Re: Strange Packet logs in ipchains"
Reply: Vic Parat (NSS): "Re: Strange Packet logs in ipchains"
Maybe reply: Mike Heitz: "RE: Strange Packet logs in ipchains"
Reply: Bear Giles: "Re: Strange Packet logs in ipchains"
Reply: Burton M. Strauss III: "RE: Strange Packet logs in ipchains"
Maybe reply: Gwydion Mine: "RE: Strange Packet logs in ipchains"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: 25 Mar 2003 10:41:33 -0000
From: Sam Dirk <samdirk@online.ie>
To: security-basics@securityfocus.com

('binary' encoding is not supported, stored as-is)

Hi All,

Yesterday I noticed the following entry in logs:

Packet log: input REJECT eth0 PROTO=17 169.254.208.158:137
169.254.255.255:137 L=96 S=0x00 I=3072 F=0x0
000 T=128 (#9)

This occured only on our internal (10.10.x.x address) network. The packets
were seen three times over the course of the day but lasted for only one -
two seconds so it was impossible to get a tcpdump.

In addition the source address was either 169.254.208.158 or
169.254.24.111. We don't use the above addresses on the network so am I

-------------------------------------------------------------------
SurfControl E-mail Filter puts the brakes on spam,
viruses and malicious code. Safeguard your business
critical communications. Download a free 30-day trial:
http://www.surfcontrol.com/go/zsfsbl1

Next message: David M. Fetter: "Re: Linux/windows remote authentication"

Previous message: Debbie Torri: "Security Approval Process"
Next in thread: Paris Stone: "Re: Strange Packet logs in ipchains"
Maybe reply: Paris Stone: "Re: Strange Packet logs in ipchains"
Reply: Vic Parat (NSS): "Re: Strange Packet logs in ipchains"
Maybe reply: Mike Heitz: "RE: Strange Packet logs in ipchains"
Reply: Bear Giles: "Re: Strange Packet logs in ipchains"
Reply: Burton M. Strauss III: "RE: Strange Packet logs in ipchains"
Maybe reply: Gwydion Mine: "RE: Strange Packet logs in ipchains"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Odd firewall log entry
... My question is about an entry into the ... >> logs. ... > network or another of their customers, that has somehow found its way onto ... Internet if the _destination_ address is 192.168.x.x. ...
(comp.security.firewalls)
Network based intrusion detection
... ('binary' encoding is not supported, ... I was wondering what everyone is doing for network ... based intrusion detection? ... to the logs of all incoming traffic. ...
(Security-Basics)
Re: Log file full of security problems!
... having with my small peer-to-peer network. ... Primary User Name: Mark ... Primary Logon ID: ... Disable the logging for the time being; Clear the logs or copy them to ...
(microsoft.public.windowsxp.network_web)
Re: account not allowing domain access
... It sounds like it could be a problem with wrong credentials, network ... Have the admin check the security logs of LT2000s to see if there are any ... have basic connectivity to it and if you can not ping by name try it's IP ... like profile settings, please let me know where to get that so I can post ...
(microsoft.public.windowsxp.security_admin)
RE: Anon Logon Events 538/540
... The event 540 logs the Successful Network Logon and the event 538 logs the ... Successful Network Logoff. ... Windows 2000, and Windows XP) ...
(microsoft.public.windowsxp.security_admin)