[NTLUG:Discuss] spoofing port scan?
Jack Snodgrass
idiotboy at cybermail.net
Thu Sep 20 07:30:03 CDT 2001
Just a WAG, but port 53 = DNS. lo = loopback. Do you have
127.0.0.1 in your /etc/resolv.conf file? Been playing with an
DNS software or changes?
jack
----- Original Message -----
From: "Jay Urish" <j at yourlinuxguru.com>
To: <discuss at ntlug.org>
Sent: Thursday, September 20, 2001 7:14 AM
Subject: [NTLUG:Discuss] spoofing port scan?
> I have been seeing something very odd in my logs.. It looks like a port
> scan coming from myself!
>
> Here is a brief snip from the logs.
>
> <SNIP>
>
>
> Sep 19 15:04:57 ns kernel: Packet log: input REJECT lo PROTO=6
> 216.87.148.66:4752 216.87.148.66:53 L=52 S=0x00 I=31721 F=0x4000 T=64 SYN
> (#90)
> Sep 19 15:05:06 ns kernel: Packet log: input REJECT lo PROTO=6
> 216.87.148.66:4753 216.87.148.66:53 L=52 S=0x00 I=31731 F=0x4000 T=64 SYN
> (#90)
> Sep 19 15:05:06 ns kernel: Packet log: input REJECT lo PROTO=6
> 216.87.148.66:4755 216.87.148.66:53 L=52 S=0x00 I=31750 F=0x4000 T=64 SYN
> (#90)
> Sep 19 15:05:06 ns kernel: Packet log: input REJECT lo PROTO=6
> 216.87.148.66:4756 216.87.148.66:53 L=52 S=0x00 I=31754 F=0x4000 T=64 SYN
> (#90)
> Sep 19 15:05:22 ns kernel: Packet log: input REJECT lo PROTO=6
> 216.87.148.66:4757 216.87.148.66:53 L=52 S=0x00 I=31764 F=0x4000 T=64 SYN
> (#90)
> Sep 19 15:05:23 ns kernel: Packet log: input REJECT lo PROTO=6
> 216.87.148.66:4759 216.87.148.66:53 L=52 S=0x00 I=31780 F=0x4000 T=64 SYN
> (#90)
> Sep 19 15:05:23 ns kernel: Packet log: input REJECT lo PROTO=6
> 216.87.148.66:4760 216.87.148.66:53 L=52 S=0x00 I=31784 F=0x4000 T=64 SYN
> (#90)
> Sep 19 15:06:04 ns kernel: Packet log: input REJECT lo PROTO=6
> 216.87.148.66:4761 216.87.148.66:53 L=52 S=0x00 I=31795 F=0x4000 T=64 SYN
> (#90)
> Sep 19 15:06:04 ns kernel: Packet log: input REJECT lo PROTO=6
> 216.87.148.66:4763 216.87.148.66:53 L=52 S=0x00 I=31811 F=0x4000 T=64 SYN
> (#90)
> Sep 19 15:06:04 ns kernel: Packet log: input REJECT lo PROTO=6
> 216.87.148.66:4764 216.87.148.66:53 L=52 S=0x00 I=31815 F=0x4000 T=64 SYN
> (#90)
> Sep 19 15:07:14 ns kernel: Packet log: input REJECT lo PROTO=6
> 216.87.148.66:4765 216.87.148.66:53 L=52 S=0x00 I=31879 F=0x4000 T=64 SYN
> (#90)
> Sep 19 15:07:15 ns kernel: Packet log: input REJECT lo PROTO=6
> 216.87.148.66:4767 216.87.148.66:53 L=52 S=0x00 I=31895 F=0x4000 T=64 SYN
> (#90)
> Sep 19 15:07:15 ns kernel: Packet log: input REJECT lo PROTO=6
> 216.87.148.66:4768 216.87.148.66:53 L=52 S=0x00 I=31899 F=0x4000 T=64 SYN
> (#90)
> Sep 19 15:08:14 ns kernel: Packet log: input REJECT lo PROTO=6
> 216.87.148.66:4770 216.87.148.66:53 L=52 S=0x00 I=31919 F=0x4000 T=64 SYN
> (#90)
> Sep 19 15:08:15 ns kernel: Packet log: input REJECT lo PROTO=6
> 216.87.148.66:4772 216.87.148.66:53 L=52 S=0x00 I=31937 F=0x4000 T=64 SYN
> (#90)
> Sep 19 15:08:15 ns kernel: Packet log: input REJECT lo PROTO=6
> 216.87.148.66:4773 216.87.148.66:53 L=52 S=0x00 I=31941 F=0x4000 T=64 SYN
(#90)
>
>
> <--SNIP>
>
> Does anybody have a clue as to whats going on?
>
> Jay Urish KB5VPS General Class ARO
> Secretary Dallas Amateur Radio Club
> Member: A.R.R.L, D.A.R.C, T.A.P.R, TX.VHF-FM.S
> Monitoring 145.17 443.075 PL110.9
>
> _______________________________________________
> http://www.ntlug.org/mailman/listinfo/discuss
>
More information about the Discuss
mailing list