On Mon, 2008-11-03 at 10:29 +0000, Steph Foster wrote:
> Good point Kevin,
>
> If the offending scans came from a private IP addy like 192.168.x.x
> then it's likely a hacker piggybacking your Wlan
>
> Steph
>
>
> 2008/11/3 Kevin Tunison <ktunison@xxxxxxxxx>:
> > On Sat, Nov 1, 2008 at 12:39 PM, Simon WD Robert
> > <simon.robert@xxxxxxxxxxxxx> wrote:
> >> Hi
> >>
> >> I have had a number of warnings from my router. All the messages have
> >> the same format, a bunch of TCP packets, all from the same IP (different IP
> >> for each warning message) followed by a UDP packet from another IP. Any
> >> ideas what's being attempted?
> >>
> >> I'm not particularly worried, I've run a port scan and everything is
> >> stealthed and unresponsive, but I'd like to know.
> >>
> >> Simon
> >> --
> >> info@xxxxxxxxxxxxxxxxxxxxxx
> >> www.oldhouse-cottage.co.uk
> >>
> >>
> >
> > The first thought that comes to mind is that it may be an attempt to
> > exploit the fairly recent DNS vulnerabilities. You could suss that by
> > the ports the packets are aimed at. Like Steph says, it is fairly
> > common. I'm curious if this came in over wireless or the ISP network?

This is typical

TCP Packet - Source:4.79.142.206 Destination:81.141.50.1 - [PORT SCAN]

only one line today, yesterday was 10 lines and then a UDP packet from a
different IP.

I guess this is via the ISP. Wouldn't a wifi piggyback be aimed at an
internal address? 2 PCs are wired and 1 wifi'd, all have IPs in the
10.0.x.x range and WPA2 encryption.

I did some scans on the ports mentioned, but all appeared OK.

Simon

--
The Mailing List for the Devon & Cornwall LUG
http://mailman.dclug.org.uk/listinfo/list
FAQ: http://www.dcglug.org.uk/linux_adm/list-faq.html
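An added example, not part of the original thread: a short Python script that reads router warnings in the format quoted above, groups them by source address, and labels each source as LAN-side (RFC 1918 private range) or WAN-side, which is the distinction the thread is discussing. Only the first sample line comes from the message; the other lines are constructed, the UDP line is assumed to use the same layout as the TCP one, and the names `origin` and `summarise` are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# First line is quoted in the thread; the rest are constructed for illustration
# (documentation-range and private addresses, plus one damaged line).
SAMPLE_LOG = """\
TCP Packet - Source:4.79.142.206 Destination:81.141.50.1 - [PORT SCAN]
TCP Packet - Source:198.51.100.7 Destination:81.141.50.1 - [PORT SCAN]
TCP Packet - Source:198.51.100.7 Destination:81.141.50.1 - [PORT SCAN]
UDP Packet - Source:203.0.113.9 Destination:81.141.50.1 - [PORT SCAN]
TCP Packet - Source:192.168.1.23 Destination:10.0.0.1 - [PORT SCAN]
garbled line the router truncated
"""

# Assumed line layout, taken from the single line shown in the message.
LINE_RE = re.compile(
    r"^(?P<proto>TCP|UDP) Packet - Source:(?P<src>\S+) "
    r"Destination:(?P<dst>\S+) - \[(?P<tag>[^\]]+)\]$"
)

# Explicit RFC 1918 ranges. ipaddress's is_private flag is broader (it also
# covers documentation and other reserved ranges), so it is not used here.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def origin(addr):
    """Return 'lan' for an RFC 1918 source, 'wan' for anything else."""
    ip = ipaddress.ip_address(addr)
    return "lan" if any(ip in net for net in RFC1918) else "wan"

def summarise(log_text):
    """Count warnings per (source, protocol, side); also count unparsed lines."""
    counts, skipped = Counter(), 0
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        try:
            key = (m["src"], m["proto"], origin(m["src"]))
        except (TypeError, ValueError):  # no regex match, or not an IP address
            skipped += 1
            continue
        counts[key] += 1
    return counts, skipped

if __name__ == "__main__":
    counts, skipped = summarise(SAMPLE_LOG)
    for (src, proto, side), n in counts.most_common():
        print(f"{src:15} {proto} x{n}  source is on the {side} side")
    print(f"{skipped} unparsed line(s)")
```

A private source address only tells you the packet did not cross the ISP link; a public source with the router's WAN address as destination, as in the quoted line, is ordinary internet background scanning arriving from outside.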