Am I subject of hackers attack?

Discussion in 'Computer Security' started by buffer overflow, May 28, 2006.

  1. Hi all,

    I got a USR router and I see some suspect log messages:

    Could someone help me to understand if someone or more are trying to
    find a bug in the router software to hack my network?

    May 28 18:14:35 user warning dnsprobe[505]: dns query failed
    May 28 18:10:13 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT=
    MAC= SRC=87.10.216.156 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00 TTL=58
    ID=48499 DF PROTO=TCP SPT=2615 DPT=135 WINDOW=64800 RES=0x00 SYN URGP=0
    May 28 18:09:55 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT=
    MAC= SRC=87.11.97.13 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00 TTL=121
    ID=24803 DF PROTO=TCP SPT=2180 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0
    May 28 18:09:52 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT=
    MAC= SRC=87.11.97.13 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00 TTL=121
    ID=24484 DF PROTO=TCP SPT=2180 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0
    May 28 18:09:46 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT=
    MAC= SRC=87.11.52.56 DST=87.11.150.32 LEN=64 TOS=0x00 PREC=0x00 TTL=41
    ID=25213 DF PROTO=TCP SPT=3716 DPT=445 WINDOW=53760 RES=0x00 SYN URGP=0
    May 28 18:09:38 user alert kernel: Intrusion -> IN=ppp_8_35_1 OUT=
    MAC= SRC=87.11.165.246 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00
    TTL=121 ID=31069 PROTO=TCP SPT=28824 DPT=445 WINDOW=64240 RES=0x00 SYN
    URGP=0
    May 28 18:08:53 user warning dnsprobe[505]: dns query
     
    buffer overflow, May 28, 2006
    #1

  2. buffer overflow

    Todd H. Guest

    buffer overflow <> writes:
    > Hi all,
    >
    > I got a USR router and I see some suspect log messages:
    >
    > Could someone help me to understand if someone or more are trying to
    > find a bug in the router software to hack my network?
    >
    > May 28 18:14:35 user warning dnsprobe[505]: dns query failed
    > May 28 18:10:13 user alert kernel: Intrusion -> IN=ppp_8_35_1
    > OUT= MAC= SRC=87.10.216.156 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00
    > TTL=58 ID=48499 DF PROTO=TCP SPT=2615 DPT=135 WINDOW=64800 RES=0x00
    > SYN URGP=0
    > May 28 18:09:55 user alert kernel: Intrusion -> IN=ppp_8_35_1
    > OUT= MAC= SRC=87.11.97.13 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00
    > TTL=121 ID=24803 DF PROTO=TCP SPT=2180 DPT=135 WINDOW=16384 RES=0x00
    > SYN URGP=0
    > May 28 18:09:52 user alert kernel: Intrusion -> IN=ppp_8_35_1
    > OUT= MAC= SRC=87.11.97.13 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00
    > TTL=121 ID=24484 DF PROTO=TCP SPT=2180 DPT=135 WINDOW=16384 RES=0x00
    > SYN URGP=0


    All probes for a Windows share on port 135. Script kiddie stuff the
    world over. Not a big deal so long as you aren't running a Windows
    share out to the internet.

    > May 28 18:09:46 user alert kernel: Intrusion -> IN=ppp_8_35_1
    > OUT= MAC= SRC=87.11.52.56 DST=87.11.150.32 LEN=64 TOS=0x00 PREC=0x00
    > TTL=41 ID=25213 DF PROTO=TCP SPT=3716 DPT=445 WINDOW=53760 RES=0x00
    > SYN URGP=0


    > May 28 18:09:38 user alert kernel: Intrusion -> IN=ppp_8_35_1
    > OUT= MAC= SRC=87.11.165.246 DST=87.11.150.32 LEN=48 TOS=0x00 PREC=0x00
    > TTL=121 ID=31069 PROTO=TCP SPT=28824 DPT=445 WINDOW=64240 RES=0x00 SYN
    > URGP=0


    Similar probe on port 445, no worries.

    > May 28 18:08:53 user warning dnsprobe[505]: dns query


    Automated tool seeing if you have a DNS server running. Not a big
    deal either assuming your router is blocking it, and you don't have
    anything in your DMZ.


    --
    Todd H.
    http://www.toddh.net/
     
    Todd H., Jun 5, 2006
    #2