[wplug] strange messages.
harrold at sage.che.pitt.edu
harrold at sage.che.pitt.edu
Mon Sep 30 14:45:33 EDT 2002
Sometime in September Alexandros Papadopoulos assaulted keyboard and produced...
|> SRC=136.142.89.250
|> DST=61.218.206.18
|>
|> OUT=eth0 SRC=136.142.89.250
|> DST=218.16.125.85
does it matter that neither of the ip addresses are from the computer
running iptables or any of the computers it's doing nat for?
|The first one is a UDP packet to your 1025 port. Postings in newsgroups
|suggest that it's quite innocent, but I don't know for sure.
|
|The second one is a TCP packet to port 80, most likely a HTTP request. If
|you're running Apache check its logs for more information on the nature of
|the HTTP requests (perhaps you're being targeted by Nimda-like worms).
|
|Hope this helps
thanks.
--
---------------------------------------------------------------
john harrold | "They that can give up essential
jmh17 at pitt.edu | liberty to obtain a little
/"\ | temporary safety deserve neither
\ / ASCII ribbon campaign | liberty nor safety."
X against HTML mail |
/ \ | Benjamin Franklin
---------------------------------------------------------------
"International security is not a zero-sum game. Peace,
security and freedom are not finite commodities - like l
and, oil or gold - which one state can acquire at
another's expense."
United Nations Secretary-General Kofi Annan
More information about the wplug
mailing list