Computer Security - Am I subject of hachers attack ?

05-28-2006, 05:20 PM

Hi all,

I got a USR router and I see some suspect log messages:

Could someone help me to understand if someone ore more are trying to
find a bug in the router software to hack my network ?

May 28 18:14:35 user warning dnsprobe[505]: dns query failed
May 28 18:10:13 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT=
MAC= SRC=87.10.216.156 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00 TTL=58
ID=48499 DF PROTO=TCP SPT=2615 DPT=135 WINDOW=64800 RES=0x00 SYN URGP=0
May 28 18:09:55 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT=
MAC= SRC=87.11.97.13 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00 TTL=121
ID=24803 DF PROTO=TCP SPT=2180 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0
May 28 18:09:52 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT=
MAC= SRC=87.11.97.13 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00 TTL=121
ID=24484 DF PROTO=TCP SPT=2180 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0
May 28 18:09:46 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT=
MAC= SRC=87.11.52.56 DST=87.11.150.32 LEN=64 TOS=0x00 PREC=0x00 TTL=41
ID=25213 DF PROTO=TCP SPT=3716 DPT=445 WINDOW=53760 RES=0x00 SYN URGP=0
May 28 18:09:38 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT=
MAC= SRC=87.11.165.246 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00
TTL=121 ID=31069 PROTO=TCP SPT=28824 DPT=445 WINDOW=64240 RES=0x00 SYN
URGP=0
May 28 18:08:53 user warning dnsprobe[505]: dns query

buffer overflow

06-05-2006, 04:25 PM

buffer overflow <> writes:
> Hi all,
>
> I got a USR router and I see some suspect log messages:
>
> Could someone help me to understand if someone ore more are trying to
> find a bug in the router software to hack my network ?
>
> May 28 18:14:35 user warning dnsprobe[505]: dns query failed
> May 28 18:10:13 user alert kernel: Intrusion -> IN=ppp_8_35_1
> OUT= MAC= SRC=87.10.216.156 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00
> TTL=58 ID=48499 DF PROTO=TCP SPT=2615 DPT=135 WINDOW=64800 RES=0x00
> SYN URGP=0
> May 28 18:09:55 user alert kernel: Intrusion -> IN=ppp_8_35_1
> OUT= MAC= SRC=87.11.97.13 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00
> TTL=121 ID=24803 DF PROTO=TCP SPT=2180 DPT=135 WINDOW=16384 RES=0x00
> SYN URGP=0
> May 28 18:09:52 user alert kernel: Intrusion -> IN=ppp_8_35_1
> OUT= MAC= SRC=87.11.97.13 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00
> TTL=121 ID=24484 DF PROTO=TCP SPT=2180 DPT=135 WINDOW=16384 RES=0x00
> SYN URGP=0

All probes for a windows share on port 135. Script kiddie stuff the
world over. Not a big deal so long as you aren't running a windows
share out to the internet.

> May 28 18:09:46 user alert kernel: Intrusion -> IN=ppp_8_35_1
> OUT= MAC= SRC=87.11.52.56 DST=87.11.150.32 LEN=64 TOS=0x00 PREC=0x00
> TTL=41 ID=25213 DF PROTO=TCP SPT=3716 DPT=445 WINDOW=53760 RES=0x00
> SYN URGP=0

> May 28 18:09:38 user alert kernel: Intrusion -> IN=ppp_8_35_1
> OUT= MAC= SRC=87.11.165.246 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00
> TTL=121 ID=31069 PROTO=TCP SPT=28824 DPT=445 WINDOW=64240 RES=0x00 SYN
> URGP=0

Similar probe on port 445, no worries.

> May 28 18:08:53 user warning dnsprobe[505]: dns query

Automated tool seeing if you have a dns server running. NOt a big
deal either assuming your router is blocking it, and you don't have
anything in your DMZ.

--
Todd H.
http://www.toddh.net/

Todd H.

06-05-2006, 04:25 PM	#2
Todd H. Posts: n/a	Re: Am I subject of hachers attack ? buffer overflow <> writes: > Hi all, > > I got a USR router and I see some suspect log messages: > > Could someone help me to understand if someone ore more are trying to > find a bug in the router software to hack my network ? > > May 28 18:14:35 user warning dnsprobe[505]: dns query failed > May 28 18:10:13 user alert kernel: Intrusion -> IN=ppp_8_35_1 > OUT= MAC= SRC=87.10.216.156 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00 > TTL=58 ID=48499 DF PROTO=TCP SPT=2615 DPT=135 WINDOW=64800 RES=0x00 > SYN URGP=0 > May 28 18:09:55 user alert kernel: Intrusion -> IN=ppp_8_35_1 > OUT= MAC= SRC=87.11.97.13 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00 > TTL=121 ID=24803 DF PROTO=TCP SPT=2180 DPT=135 WINDOW=16384 RES=0x00 > SYN URGP=0 > May 28 18:09:52 user alert kernel: Intrusion -> IN=ppp_8_35_1 > OUT= MAC= SRC=87.11.97.13 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00 > TTL=121 ID=24484 DF PROTO=TCP SPT=2180 DPT=135 WINDOW=16384 RES=0x00 > SYN URGP=0 All probes for a windows share on port 135. Script kiddie stuff the world over. Not a big deal so long as you aren't running a windows share out to the internet. > May 28 18:09:46 user alert kernel: Intrusion -> IN=ppp_8_35_1 > OUT= MAC= SRC=87.11.52.56 DST=87.11.150.32 LEN=64 TOS=0x00 PREC=0x00 > TTL=41 ID=25213 DF PROTO=TCP SPT=3716 DPT=445 WINDOW=53760 RES=0x00 > SYN URGP=0 > May 28 18:09:38 user alert kernel: Intrusion -> IN=ppp_8_35_1 > OUT= MAC= SRC=87.11.165.246 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00 > TTL=121 ID=31069 PROTO=TCP SPT=28824 DPT=445 WINDOW=64240 RES=0x00 SYN > URGP=0 Similar probe on port 445, no worries. > May 28 18:08:53 user warning dnsprobe[505]: dns query Automated tool seeing if you have a dns server running. NOt a big deal either assuming your router is blocking it, and you don't have anything in your DMZ. -- Todd H. http://www.toddh.net/ Todd H.

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Tremors Attack Pack, all 16x9 ?	WanderinRoy	DVD Video	0	09-08-2007 08:57 PM
DVD Verdict reviews: CRUNCH: FAT BURNING AB ATTACK and more!	DVD Verdict	DVD Video	0	11-05-2005 09:18 AM
Sunil Dutt dies of heart attack	habshi	DVD Video	3	05-25-2005 03:28 PM
DVD Verdict reviews: A CINDERELLA STORY, THE HOLE, THE ADVENTURES OF JIMMY NEUTRON: ATTACK OF THE TWONKIES, and more!	DVD Verdict	DVD Video	0	11-26-2004 10:09 AM
DVD Verdict reviews: GODZILLA, MOTHRA AND KING GHIDORAH: GIANT MONSTERS ALL-OUT ATTACK and more!	DVD Verdict	DVD Video	0	02-18-2004 10:05 AM

05-28-2006, 05:20 PM	#1
	Am I subject of hachers attack ? Hi all, I got a USR router and I see some suspect log messages: Could someone help me to understand if someone ore more are trying to find a bug in the router software to hack my network ? May 28 18:14:35 user warning dnsprobe[505]: dns query failed May 28 18:10:13 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT= MAC= SRC=87.10.216.156 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00 TTL=58 ID=48499 DF PROTO=TCP SPT=2615 DPT=135 WINDOW=64800 RES=0x00 SYN URGP=0 May 28 18:09:55 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT= MAC= SRC=87.11.97.13 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00 TTL=121 ID=24803 DF PROTO=TCP SPT=2180 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0 May 28 18:09:52 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT= MAC= SRC=87.11.97.13 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00 TTL=121 ID=24484 DF PROTO=TCP SPT=2180 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0 May 28 18:09:46 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT= MAC= SRC=87.11.52.56 DST=87.11.150.32 LEN=64 TOS=0x00 PREC=0x00 TTL=41 ID=25213 DF PROTO=TCP SPT=3716 DPT=445 WINDOW=53760 RES=0x00 SYN URGP=0 May 28 18:09:38 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT= MAC= SRC=87.11.165.246 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00 TTL=121 ID=31069 PROTO=TCP SPT=28824 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0 May 28 18:08:53 user warning dnsprobe[505]: dns query buffer overflow