[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
Good point Kevin, If the offending scans came from a private IP addy like 192.168.x.x then its likely a hacker piggybacking your Wlan Steph 2008/11/3 Kevin Tunison <ktunison@xxxxxxxxx>: > On Sat, Nov 1, 2008 at 12:39 PM, Simon WD Robert > <simon.robert@xxxxxxxxxxxxx> wrote: >> Hi >> >> I have had a number of warnings from my router. All the messages have >> the same format, a bunch TCP packets, all from the same IP (different IP >> for each warning message) followed by a UDP packet from a nother IP. Any >> ideas what's being attempted? >> >> I'm not particularly worried, I've run a port scan and everything is >> stealthed and unresponsive, but I'd like to know. >> >> Simon >> -- >> info@xxxxxxxxxxxxxxxxxxxxxx >> www.oldhouse-cottage.co.uk >> >> > > The first thought that comes to mind is that may be an attempt to > exploit the fairly recent DNS vulnerabilities. You could suss that by > the ports the packet are aimed at. Like Steph says, it is fairly > common. I'm curious if this came in over wireless or the ISP network? > > Regards, > > KevinT > > -- > The Mailing List for the Devon & Cornwall LUG > http://mailman.dclug.org.uk/listinfo/list > FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html > -- -----BEGIN GEEK CODE BLOCK----- Version: 3.1 GCS/S d- s+:+ a+ C+++ U+++ P L++ E W++ N+ K- w--$ O— M- V— L++++>$ PS+++ PE Y++ PGP++ t+ 5+++ X- R+ tv- b DI++ D++ G e* h+ r++ y? ------END GEEK CODE BLOCK------ -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html