[NTLUG:Discuss] spoofing port scan?
Jay Urish
j at yourlinuxguru.com
Thu Sep 20 07:44:41 CDT 2001
At 07:30 AM 9/20/2001 -0500, you wrote:
>Just a WAG, but port 53 = DNS. lo = loopback. Do you have
>127.0.0.1 in your /etc/resolv.conf file? Been playing with an
>DNS software or changes?
I haven't fooled with dns settings forever.
I'll check the resolv.conf-
>jack
>
>
>
>----- Original Message -----
>From: "Jay Urish" <j at yourlinuxguru.com>
>To: <discuss at ntlug.org>
>Sent: Thursday, September 20, 2001 7:14 AM
>Subject: [NTLUG:Discuss] spoofing port scan?
>
>
> > I have been seeing something very odd in my logs.. It looks like a port
> > scan coming from myself!
> >
> > Here is a brief snip from the logs.
> >
> > <SNIP>
> >
> >
> > Sep 19 15:04:57 ns kernel: Packet log: input REJECT lo PROTO=6
> > 216.87.148.66:4752 216.87.148.66:53 L=52 S=0x00 I=31721 F=0x4000 T=64 SYN
> > (#90)
> > Sep 19 15:05:06 ns kernel: Packet log: input REJECT lo PROTO=6
> > 216.87.148.66:4753 216.87.148.66:53 L=52 S=0x00 I=31731 F=0x4000 T=64 SYN
> > (#90)
> > Sep 19 15:05:06 ns kernel: Packet log: input REJECT lo PROTO=6
> > 216.87.148.66:4755 216.87.148.66:53 L=52 S=0x00 I=31750 F=0x4000 T=64 SYN
> > (#90)
> > Sep 19 15:05:06 ns kernel: Packet log: input REJECT lo PROTO=6
> > 216.87.148.66:4756 216.87.148.66:53 L=52 S=0x00 I=31754 F=0x4000 T=64 SYN
> > (#90)
> > Sep 19 15:05:22 ns kernel: Packet log: input REJECT lo PROTO=6
> > 216.87.148.66:4757 216.87.148.66:53 L=52 S=0x00 I=31764 F=0x4000 T=64 SYN
> > (#90)
> > Sep 19 15:05:23 ns kernel: Packet log: input REJECT lo PROTO=6
> > 216.87.148.66:4759 216.87.148.66:53 L=52 S=0x00 I=31780 F=0x4000 T=64 SYN
> > (#90)
> > Sep 19 15:05:23 ns kernel: Packet log: input REJECT lo PROTO=6
> > 216.87.148.66:4760 216.87.148.66:53 L=52 S=0x00 I=31784 F=0x4000 T=64 SYN
> > (#90)
> > Sep 19 15:06:04 ns kernel: Packet log: input REJECT lo PROTO=6
> > 216.87.148.66:4761 216.87.148.66:53 L=52 S=0x00 I=31795 F=0x4000 T=64 SYN
> > (#90)
> > Sep 19 15:06:04 ns kernel: Packet log: input REJECT lo PROTO=6
> > 216.87.148.66:4763 216.87.148.66:53 L=52 S=0x00 I=31811 F=0x4000 T=64 SYN
> > (#90)
> > Sep 19 15:06:04 ns kernel: Packet log: input REJECT lo PROTO=6
> > 216.87.148.66:4764 216.87.148.66:53 L=52 S=0x00 I=31815 F=0x4000 T=64 SYN
> > (#90)
> > Sep 19 15:07:14 ns kernel: Packet log: input REJECT lo PROTO=6
> > 216.87.148.66:4765 216.87.148.66:53 L=52 S=0x00 I=31879 F=0x4000 T=64 SYN
> > (#90)
> > Sep 19 15:07:15 ns kernel: Packet log: input REJECT lo PROTO=6
> > 216.87.148.66:4767 216.87.148.66:53 L=52 S=0x00 I=31895 F=0x4000 T=64 SYN
> > (#90)
> > Sep 19 15:07:15 ns kernel: Packet log: input REJECT lo PROTO=6
> > 216.87.148.66:4768 216.87.148.66:53 L=52 S=0x00 I=31899 F=0x4000 T=64 SYN
> > (#90)
> > Sep 19 15:08:14 ns kernel: Packet log: input REJECT lo PROTO=6
> > 216.87.148.66:4770 216.87.148.66:53 L=52 S=0x00 I=31919 F=0x4000 T=64 SYN
> > (#90)
> > Sep 19 15:08:15 ns kernel: Packet log: input REJECT lo PROTO=6
> > 216.87.148.66:4772 216.87.148.66:53 L=52 S=0x00 I=31937 F=0x4000 T=64 SYN
> > (#90)
> > Sep 19 15:08:15 ns kernel: Packet log: input REJECT lo PROTO=6
> > 216.87.148.66:4773 216.87.148.66:53 L=52 S=0x00 I=31941 F=0x4000 T=64 SYN
>(#90)
> >
> >
> > <--SNIP>
> >
> > Does anybody have a clue as to whats going on?
> >
> > Jay Urish KB5VPS General Class ARO
> > Secretary Dallas Amateur Radio Club
> > Member: A.R.R.L, D.A.R.C, T.A.P.R, TX.VHF-FM.S
> > Monitoring 145.17 443.075 PL110.9
> >
> > _______________________________________________
> > http://www.ntlug.org/mailman/listinfo/discuss
> >
>
>_______________________________________________
>http://www.ntlug.org/mailman/listinfo/discuss
Jay Urish
Your Linux Guru.
Sendmail/Bind/Apache/DHCPD/IPchains/Samba expertise all in one place!
www.yourlinuxguru.com
More information about the Discuss
mailing list