When dealing with another problem with a client's server, I noticed a long list of suspicious stuff in the dmesg log - the suspicious lines are like this...
denylog: IN=eth1 OUT=MAC=xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx:xx SRC=80.239.201.17 DST=xxx.xxx.xxx.xxx LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=0 DF PROTO=TCP SPT=80 DPT=47923 WINDOW=5792 RES=0x00 ACK SYN URGP=0
There are loads of similar lines with groups of SRC addresses with the same initial pair of IP triplets and varying final pairs. Each group is followed by lines of the form...
divert not allocating divert_blk for non-ethernet device ppp0
divert: no divert_blk to free, ppp0 not ethernet
The system is a dedicated server and gateway, with a static IP address pointed at an SMC ADSL router. The router has the ports for VPN opened. There is no sign of hostile activity inside the server itself.
I assume this is some sort of repeated attempt to get into the system; should I be doing anything about it?
Ed Form
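An added example, not part of the original post: one way to triage a dmesg capture like the one described is to parse the `denylog:` lines and summarise, per source /16, how many packets were logged, from which hosts and source ports, and with which TCP flags. The function names, the /16 grouping and the sample lines are assumptions made for illustration; only 80.239.201.17 comes from the post.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format quoted in the post. Masked fields are kept
# masked; 203.0.113.x and 192.0.2.10 are documentation addresses.
SAMPLE = """\
denylog: IN=eth1 OUT= MAC=xx:xx:xx SRC=80.239.201.17 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=0 DF PROTO=TCP SPT=80 DPT=47923 WINDOW=5792 RES=0x00 ACK SYN URGP=0
denylog: IN=eth1 OUT= MAC=xx:xx:xx SRC=80.239.201.17 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=61 ID=0 DF PROTO=TCP SPT=80 DPT=47930 WINDOW=5792 RES=0x00 ACK SYN URGP=0
divert: no divert_blk to free, ppp0 not ethernet
denylog: IN=eth1 OUT= MAC=xx:xx:xx SRC=203.0.113.5 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP SPT=80 DPT=51022 WINDOW=5792 RES=0x00 ACK SYN URGP=0
denylog: IN=eth1 OUT= MAC=xx:xx:xx SRC=203.0.113.77 DST=192.0.2.10 LEN=60 TOS=0x00 PREC=0x00 TTL=58 ID=0 DF PROTO=TCP SPT=80 DPT=51040 WINDOW=5792 RES=0x00 ACK SYN URGP=0
"""

FIELD = re.compile(r"(\w+)=(\S*)")          # KEY=value pairs (value may be empty)
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}  # bare tokens in LOG output


def parse_line(line, prefix="denylog:"):
    """Return the fields of one firewall log line, or None for other lines."""
    if prefix not in line:
        return None
    body = line.split(prefix, 1)[1]
    fields = dict(FIELD.findall(body))
    if "SRC" not in fields:
        return None
    # TCP flags are logged as bare words; DF is an IP flag and is ignored here.
    fields["FLAGS"] = frozenset(t for t in body.split() if t in TCP_FLAGS)
    return fields


def summarize(text):
    """Group logged packets by the first two octets of SRC (a /16)."""
    groups = defaultdict(lambda: {"count": 0, "hosts": set(),
                                  "sports": Counter(), "flags": Counter()})
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # e.g. the "divert:" lines between groups
        net = ".".join(rec["SRC"].split(".")[:2]) + ".0.0/16"
        g = groups[net]
        g["count"] += 1
        g["hosts"].add(rec["SRC"])
        g["sports"][rec.get("SPT")] += 1
        g["flags"]["+".join(sorted(rec["FLAGS"])) or "none"] += 1
    return dict(groups)


if __name__ == "__main__":
    for net, g in sorted(summarize(SAMPLE).items()):
        print(net, g["count"], sorted(g["hosts"]), dict(g["sports"]), dict(g["flags"]))
```

Feeding it the real output of `dmesg` in place of `SAMPLE` gives a per-network view of source ports and flag combinations, which is the first thing to look at before deciding whether the logged packets need any action.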