Koozali.org: home of the SME Server

Legacy Forums => Experienced User Forum => Topic started by: ergozd on March 24, 2004, 09:03:23 AM

Title: Hacking attack ?
Post by: ergozd on March 24, 2004, 09:03:23 AM

What do you think is happening ?

Mar 23 17:07:26 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=66.194.6.76 DST=192.168.1.4 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=17572 DF PROTO=TCP SPT=49258 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 17:07:26 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=66.194.6.76 DST=192.168.1.4 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=18425 DF PROTO=TCP SPT=49259 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 17:07:29 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=66.194.6.76 DST=192.168.1.4 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=17573 DF PROTO=TCP SPT=49258 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 17:07:29 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=66.194.6.76 DST=192.168.1.4 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=18426 DF PROTO=TCP SPT=49259 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 17:07:35 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=66.194.6.76 DST=192.168.1.4 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=17574 DF PROTO=TCP SPT=49258 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 17:07:35 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=66.194.6.76 DST=192.168.1.4 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=18427 DF PROTO=TCP SPT=49259 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 18:50:37 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=217.208.187.241 DST=192.168.1.4 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=25436 DF PROTO=TCP SPT=2557 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Mar 23 18:50:40 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=217.208.187.241 DST=192.168.1.4 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=25500 DF PROTO=TCP SPT=2557 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Mar 23 19:47:07 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=194.183.20.4 DST=192.168.1.4 LEN=48 TOS=0x00 PREC=0x00 TTL=102 ID=56128 DF PROTO=TCP SPT=1971 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Mar 23 19:47:10 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=194.183.20.4 DST=192.168.1.4 LEN=48 TOS=0x00 PREC=0x00 TTL=102 ID=57056 DF PROTO=TCP SPT=1971 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Mar 23 21:45:52 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=195.166.232.4 DST=192.168.1.4 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=37380 DF PROTO=TCP SPT=3525 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Mar 23 21:45:55 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=195.166.232.4 DST=192.168.1.4 LEN=48 TOS=0x00 PREC=0x00 TTL=111 ID=37962 DF PROTO=TCP SPT=3525 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Mar 23 21:50:30 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=64.210.196.198 DST=192.168.1.4 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=10593 DF PROTO=TCP SPT=46910 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 21:50:33 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=64.210.196.198 DST=192.168.1.4 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=10594 DF PROTO=TCP SPT=46910 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 21:50:39 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=64.210.196.198 DST=192.168.1.4 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=10595 DF PROTO=TCP SPT=46910 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 21:50:51 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=64.210.196.198 DST=192.168.1.4 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=10596 DF PROTO=TCP SPT=46910 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 21:51:15 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=64.210.196.198 DST=192.168.1.4 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=10597 DF PROTO=TCP SPT=46910 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 21:51:30 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=64.210.196.198 DST=192.168.1.4 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=14917 DF PROTO=TCP SPT=50818 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 21:51:33 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=64.210.196.198 DST=192.168.1.4 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=14918 DF PROTO=TCP SPT=50818 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 21:51:39 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=64.210.196.198 DST=192.168.1.4 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=14919 DF PROTO=TCP SPT=50818 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 21:51:51 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=64.210.196.198 DST=192.168.1.4 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=14920 DF PROTO=TCP SPT=50818 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 21:52:15 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=64.210.196.198 DST=192.168.1.4 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=14921 DF PROTO=TCP SPT=50818 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 21:53:02 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=66.196.65.39 DST=192.168.1.4 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=21350 DF PROTO=TCP SPT=57641 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 21:53:03 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=64.210.196.198 DST=192.168.1.4 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=14922 DF PROTO=TCP SPT=50818 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 21:53:05 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=66.196.65.39 DST=192.168.1.4 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=21351 DF PROTO=TCP SPT=57641 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 21:53:11 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=66.196.65.39 DST=192.168.1.4 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=21352 DF PROTO=TCP SPT=57641 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 21:53:23 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=66.196.65.39 DST=192.168.1.4 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=21353 DF PROTO=TCP SPT=57641 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 21:53:30 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=64.210.196.198 DST=192.168.1.4 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=61201 DF PROTO=TCP SPT=34146 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 21:53:33 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=64.210.196.198 DST=192.168.1.4 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=61202 DF PROTO=TCP SPT=34146 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 21:53:39 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=64.210.196.198 DST=192.168.1.4 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=61203 DF PROTO=TCP SPT=34146 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 21:53:47 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=66.196.65.39 DST=192.168.1.4 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=21354 DF PROTO=TCP SPT=57641 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 21:53:51 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=64.210.196.198 DST=192.168.1.4 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=61204 DF PROTO=TCP SPT=34146 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 21:54:15 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=64.210.196.198 DST=192.168.1.4 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=61205 DF PROTO=TCP SPT=34146 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 21:55:03 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=64.210.196.198 DST=192.168.1.4 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=61206 DF PROTO=TCP SPT=34146 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 21:55:30 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=64.210.196.198 DST=192.168.1.4 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=30547 DF PROTO=TCP SPT=45109 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 21:55:33 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=64.210.196.198 DST=192.168.1.4 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=30548 DF PROTO=TCP SPT=45109 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 21:55:39 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=64.210.196.198 DST=192.168.1.4 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=30549 DF PROTO=TCP SPT=45109 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 21:55:51 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=64.210.196.198 DST=192.168.1.4 LEN=44 TOS=0x00 PREC=0x00 TTL=49 ID=30550 DF PROTO=TCP SPT=45109 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Mar 23 23:54:12 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=195.92.95.94 DST=192.168.1.4 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=2354 DF PROTO=TCP SPT=2951 DPT=80 WINDOW=32768 RES=0x00 SYN URGP=0
Mar 23 23:54:15 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=195.92.95.94 DST=192.168.1.4 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=2700 DF PROTO=TCP SPT=2951 DPT=80 WINDOW=32768 RES=0x00 SYN URGP=0
Mar 23 23:54:18 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=195.92.95.94 DST=192.168.1.4 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=2939 DF PROTO=TCP SPT=2951 DPT=80 WINDOW=32768 RES=0x00 SYN URGP=0
Mar 23 23:54:22 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=195.92.95.94 DST=192.168.1.4 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=3229 DF PROTO=TCP SPT=2951 DPT=80 WINDOW=32768 RES=0x00 SYN URGP=0
Mar 23 23:54:25 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=195.92.95.94 DST=192.168.1.4 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=3528 DF PROTO=TCP SPT=2951 DPT=80 WINDOW=32768 RES=0x00 SYN URGP=0
Mar 23 23:54:27 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=195.92.95.94 DST=192.168.1.4 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=3714 DF PROTO=TCP SPT=3062 DPT=80 WINDOW=32768 RES=0x00 SYN URGP=0
Mar 23 23:54:30 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=195.92.95.94 DST=192.168.1.4 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=3987 DF PROTO=TCP SPT=3062 DPT=80 WINDOW=32768 RES=0x00 SYN URGP=0
Mar 23 23:54:33 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=195.92.95.94 DST=192.168.1.4 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=4225 DF PROTO=TCP SPT=3062 DPT=80 WINDOW=32768 RES=0x00 SYN URGP=0
Mar 23 23:54:37 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=195.92.95.94 DST=192.168.1.4 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=4525 DF PROTO=TCP SPT=3062 DPT=80 WINDOW=32768 RES=0x00 SYN URGP=0
Mar 23 23:54:40 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=195.92.95.94 DST=192.168.1.4 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=4723 DF PROTO=TCP SPT=3062 DPT=80 WINDOW=32768 RES=0x00 SYN URGP=0
Mar 23 23:54:43 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=195.92.95.94 DST=192.168.1.4 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=5087 DF PROTO=TCP SPT=3062 DPT=80 WINDOW=32768 RES=0x00 SYN URGP=0
Mar 23 23:54:49 erginsme04 kernel: denylog:IN=eth0 OUT= MAC=00:80:5f:b7:20:d2:00:05:5d:d5:6d:8e:08:00 SRC=195.92.95.94 DST=192.168.1.4 LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=5748 DF PROTO=TCP SPT=3062 DPT=80 WINDOW=32768 RES=0x00 SYN URGP=0

Title: Masq Logs
Post by: ldkeen on March 24, 2004, 11:24:26 AM

All the trouble seems to be directed at one of your clients on the LAN (192.168.1.4). I dunno - are you running a webserver on that client (DPT=80)??

Title: Masq Logs
Post by: ldkeen on March 24, 2004, 11:25:32 AM

All the trouble seems to be directed at one of your clients on the LAN (192.168.1.4). I dunno - are you running a webserver on that client (DPT=80)??

Title: Hacking attack ?
Post by: ergozd on March 24, 2004, 04:16:07 PM

Yes, 192.168.1.4 is an e-smith 6.0 final Server-Only mode server.

It doesn't feel good to "turn off" MASQ.

I activated a Squid (on another regular RH Linux) so far and got things working.