Am I subject of hackers attack ?

 
 
buffer overflow
      05-28-2006
Hi all,

I got a USR router and I see some suspect log messages:

Could someone help me to understand if someone or more are trying to
find a bug in the router software to hack my network ?

May 28 18:14:35 user warning dnsprobe[505]: dns query failed
May 28 18:10:13 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT=
MAC= SRC=87.10.216.156 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00 TTL=58
ID=48499 DF PROTO=TCP SPT=2615 DPT=135 WINDOW=64800 RES=0x00 SYN URGP=0
May 28 18:09:55 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT=
MAC= SRC=87.11.97.13 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00 TTL=121
ID=24803 DF PROTO=TCP SPT=2180 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0
May 28 18:09:52 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT=
MAC= SRC=87.11.97.13 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00 TTL=121
ID=24484 DF PROTO=TCP SPT=2180 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0
May 28 18:09:46 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT=
MAC= SRC=87.11.52.56 DST=87.11.150.32 LEN=64 TOS=0x00 PREC=0x00 TTL=41
ID=25213 DF PROTO=TCP SPT=3716 DPT=445 WINDOW=53760 RES=0x00 SYN URGP=0
May 28 18:09:38 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT=
MAC= SRC=87.11.165.246 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00
TTL=121 ID=31069 PROTO=TCP SPT=28824 DPT=445 WINDOW=64240 RES=0x00 SYN
URGP=0
May 28 18:08:53 user warning dnsprobe[505]: dns query
 
 
 
 
 
Todd H.
 
      06-05-2006
buffer overflow <(E-Mail Removed)> writes:
> Hi all,
>
> I got a USR router and I see some suspect log messages:
>
> Could someone help me to understand if someone or more are trying to
> find a bug in the router software to hack my network ?
>
> May 28 18:14:35 user warning dnsprobe[505]: dns query failed
> May 28 18:10:13 user alert kernel: Intrusion -> IN=ppp_8_35_1
> OUT= MAC= SRC=87.10.216.156 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00
> TTL=58 ID=48499 DF PROTO=TCP SPT=2615 DPT=135 WINDOW=64800 RES=0x00
> SYN URGP=0
> May 28 18:09:55 user alert kernel: Intrusion -> IN=ppp_8_35_1
> OUT= MAC= SRC=87.11.97.13 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00
> TTL=121 ID=24803 DF PROTO=TCP SPT=2180 DPT=135 WINDOW=16384 RES=0x00
> SYN URGP=0
> May 28 18:09:52 user alert kernel: Intrusion -> IN=ppp_8_35_1
> OUT= MAC= SRC=87.11.97.13 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00
> TTL=121 ID=24484 DF PROTO=TCP SPT=2180 DPT=135 WINDOW=16384 RES=0x00
> SYN URGP=0


All probes for a Windows share on port 135. Script kiddie stuff the
world over. Not a big deal so long as you aren't running a Windows
share out to the internet.

> May 28 18:09:46 user alert kernel: Intrusion -> IN=ppp_8_35_1
> OUT= MAC= SRC=87.11.52.56 DST=87.11.150.32 LEN=64 TOS=0x00 PREC=0x00
> TTL=41 ID=25213 DF PROTO=TCP SPT=3716 DPT=445 WINDOW=53760 RES=0x00
> SYN URGP=0


> May 28 18:09:38 user alert kernel: Intrusion -> IN=ppp_8_35_1
> OUT= MAC= SRC=87.11.165.246 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00
> TTL=121 ID=31069 PROTO=TCP SPT=28824 DPT=445 WINDOW=64240 RES=0x00 SYN
> URGP=0


Similar probe on port 445, no worries.

> May 28 18:08:53 user warning dnsprobe[505]: dns query


Automated tool seeing if you have a DNS server running. Not a big
deal either assuming your router is blocking it, and you don't have
anything in your DMZ.


--
Todd H.
http://www.toddh.net/
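
Added example, not part of either post: Python that rejoins the wrapped lines of the router log quoted in this thread and tallies the logged inbound packets per destination port, separating raw packet counts from distinct sources and distinct connection attempts. The function names are hypothetical, and the sample is an excerpt of the log from the first post.

```python
import re
from collections import Counter, defaultdict

# Excerpt of the log from the first post, kept with its wrapped line breaks.
SAMPLE = """\
May 28 18:14:35 user warning dnsprobe[505]: dns query failed
May 28 18:09:55 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT=
MAC= SRC=87.11.97.13 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00 TTL=121
ID=24803 DF PROTO=TCP SPT=2180 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0
May 28 18:09:52 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT=
MAC= SRC=87.11.97.13 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00 TTL=121
ID=24484 DF PROTO=TCP SPT=2180 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0
May 28 18:09:38 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT=
MAC= SRC=87.11.165.246 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00
TTL=121 ID=31069 PROTO=TCP SPT=28824 DPT=445 WINDOW=64240 RES=0x00 SYN
URGP=0
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")  # syslog timestamp
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value; the value may be empty (OUT=, MAC=)

def entries(text):
    """Rejoin wrapped lines: a new entry starts only at a syslog timestamp."""
    out = []
    for line in text.splitlines():
        if STAMP.match(line) or not out:
            out.append(line.strip())
        else:
            out[-1] += " " + line.strip()
    return out

def parse(entry):
    """Return the KEY=value fields of a firewall 'Intrusion' entry, or None for other lines."""
    if "Intrusion ->" not in entry:
        return None
    return dict(FIELD.findall(entry))

def summarize(text):
    """Per destination port: (packets logged, distinct sources, distinct attempts)."""
    pkts, srcs, tries = Counter(), defaultdict(set), defaultdict(set)
    for rec in filter(None, map(parse, entries(text))):
        port = int(rec["DPT"])
        pkts[port] += 1
        srcs[port].add(rec["SRC"])
        tries[port].add((rec["SRC"], rec["SPT"]))  # same SRC and SPT: a retransmitted SYN
    return {p: (pkts[p], len(srcs[p]), len(tries[p])) for p in pkts}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The two port 135 entries share one source address and source port, so they count as a single connection attempt whose SYN was retransmitted after the router dropped the first one.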
 