weird message in /var/log/messages ?

Post by mahe » Wed, 04 Apr 2001 13:44:30



Hi there,

I got something quite unusual today; it seems that someone is trying to get
something. This message above keeps flooding in increasingly. I don't know what
to do now. Can anyone tell me what's going on here? An attempt to hack?

Apr  3 21:16:34 hostname kernel: Packet log: output DENY eth0 PROTO=1
192.168.*.*:0 18.242.162.210:0 L=1044 S=0x00 I=13633 F=0x0000 T=63 (#6)

Apr  3 21:17:35 hostname kernel: Packet log: output DENY eth0 PROTO=1
192.168.*.*:0 18.242.162.210:0 L=1044 S=0x00 I=13646 F=0x0000 T=63 (#6)

thank you very much

maher

 
 
 

Post by Pierre Asseli » Wed, 04 Apr 2001 11:15:39



> Apr  3 21:16:34 hostname kernel: Packet log: output DENY eth0 PROTO=1
> 192.168.*.*:0 18.242.162.210:0 L=1044 S=0x00 I=13633 F=0x0000 T=63 (#6)

> Apr  3 21:17:35 hostname kernel: Packet log: output DENY eth0 PROTO=1
> 192.168.*.*:0 18.242.162.210:0 L=1044 S=0x00 I=13646 F=0x0000 T=63 (#6)

These are packets your machine is refusing to send out.  Nobody is
trying to get in.  PROTO=1 means ICMP.  I'd say one of your users
is trying to ping 18.242.162.210, but I don't have my docs with me
to check the details.

--
Pierre Asselin
Westminster, Colorado

 
 
 

Post by Tr?ütm » Wed, 04 Apr 2001 11:16:43



> Apr  3 21:16:34 hostname kernel: Packet log: output DENY eth0 PROTO=1
> 192.168.*.*:0 18.242.162.210:0 L=1044 S=0x00 I=13633 F=0x0000 T=63 (#6)

An ICMP packet involving MIT.

--
______________________________
Mike Troutman
        http://www.troutman.org
        http://www.zen-data.com

 
 
 

Post by Bryan Packe » Wed, 04 Apr 2001 11:35:34



> Hi there,

> I got something quite unusual today; it seems that someone is trying to get
> something. This message above keeps flooding in increasingly. I don't know what
> to do now. Can anyone tell me what's going on here? An attempt to hack?

> Apr  3 21:16:34 hostname kernel: Packet log: output DENY eth0 PROTO=1
> 192.168.*.*:0 18.242.162.210:0 L=1044 S=0x00 I=13633 F=0x0000 T=63 (#6)

You are being pinged. Evidently your machine allows the inbound ping,
ICMP type 8, code 0, but doesn't allow the outbound reply, ICMP type
0, code 0. See below for more details. Not much to worry about unless the
volume of pinging is consuming too much of your bandwidth.

http://www.isi.edu/in-notes/iana/assignments/icmp-parameters

bryan

--
-----------------------------------------------------------------------------------------------------------
When I die, I want to die peacefully, in my sleep. Like my grandfather.
Not screaming in terror, like the passengers in his car.
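
An added example, not part of any post in this thread: a small Python parser for the ipchains "Packet log:" lines quoted above, useful for summarizing a flood of such entries. It assumes the ipchains logging convention that for PROTO=1 (ICMP) the two port fields carry the ICMP type and code; the function names are hypothetical.

```python
import re
from collections import Counter

# Sample input: the two entries quoted in the thread, each joined onto one line.
SAMPLE = """\
Apr  3 21:16:34 hostname kernel: Packet log: output DENY eth0 PROTO=1 192.168.*.*:0 18.242.162.210:0 L=1044 S=0x00 I=13633 F=0x0000 T=63 (#6)
Apr  3 21:17:35 hostname kernel: Packet log: output DENY eth0 PROTO=1 192.168.*.*:0 18.242.162.210:0 L=1044 S=0x00 I=13646 F=0x0000 T=63 (#6)
"""

# chain, action, interface, protocol, src:port, dst:port, length, TOS, IP id,
# fragment field, TTL and (optionally) the number of the rule that matched.
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.*]+):(?P<sport>\d+) (?P<dst>[\d.*]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?: \(#(?P<rule>\d+)\))?"
)
PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}
ICMP_TYPES = {0: "echo reply", 3: "destination unreachable",
              8: "echo request", 11: "time exceeded"}

def parse_line(line):
    """Return a dict of decoded fields, or None if this is not a packet log line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ip_id", "ttl"):
        rec[key] = int(rec[key])
    rec["rule"] = int(rec["rule"]) if rec["rule"] else None
    rec["proto_name"] = PROTOCOLS.get(rec["proto"], str(rec["proto"]))
    if rec["proto"] == 1:
        # Assumption (ipchains convention): port fields hold ICMP type and code.
        rec["icmp_type"], rec["icmp_code"] = rec["sport"], rec["dport"]
        rec["icmp_name"] = ICMP_TYPES.get(rec["sport"], "type %d" % rec["sport"])
    return rec

def summarize(text):
    """Count entries per (chain, action, protocol, packet kind, destination)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_line(line)
        if rec:
            kind = rec.get("icmp_name", rec["proto_name"])
            counts[(rec["chain"], rec["action"], rec["proto_name"], kind, rec["dst"])] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).items():
        print(n, *key)
```
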

 
 
 

Post by mahe » Wed, 04 Apr 2001 20:12:38



> You are being pinged. Evidently your machine allows the inbound ping,
> ICMP type 8, code 0, but doesn't allow the outbound reply, ICMP type
> 0, code 0. See below for more details. Not much to worry about unless the
> volume of pinging is consuming too much of your bandwidth.

> http://www.isi.edu/in-notes/iana/assignments/icmp-parameters

Thought that this was a hacking attempt :) Because the message flooded
non-stop. Do they have an effect on system performance?

thank you.
maher

 
 
 

Post by Bryan Packe » Thu, 05 Apr 2001 08:44:11



> Thought that this was a hacking attempt :) Because the message flooded
> non-stop. Do they have an effect on system performance?

Not so much a hack as a DoS attempt. Sure isn't good for your system
performance, but there isn't much you can do about it unless you can
place a filter on an upstream router, and keep them from getting to you.
You could deny the inbound packets, but it will still have the same
effect on your bandwidth. If it continues for too long, you might wish
to talk to your ISP.

bryan

--
-----------------------------------------------------------------------------------------------------------
When I die, I want to die peacefully, in my sleep. Like my grandfather.
Not screaming in terror, like the passengers in his car.