[plug] /newbie ..... nslookup
Earnshaw, Mike
earnshawm at wa.switch.aust.com
Mon May 22 10:38:13 WST 2000
List,
When reviewing the logs I come across several access attempts that have been
denied by the kernel on weird ports. I do an nslookup on the requesting IP
and often get a message that the domain is non-existent. However, when I ping
the IP I get a response.
I am assuming these are "attacks" of some sort and wondered if there are
other ways of finding out who/where they are coming from. Maybe tonight's
SAGE seminar will be beneficial here?
An example is included below:
====example==
May 20 22:27:15 usswa kernel: Packet log: input DENY ppp0 PROTO=6 206.103.12.131:2658 139.130.81.81:21 L=44 S=0x00 I=3586 F=0x4000 T=113 SYN (#40)
====end example===
Thanks
----------------------------------------------------------------------------
Mike Earnshaw | "It don't mean a thing if | e-mail in header
Computer Systems | you cain't get that Ping...." | Tel: +61 8 9256 1099
Support | Duke Ellington, 1932 | Fax: +61 8 9256 1199
----------------------------------------------------------------------------
Union Switch & Signal, 24 Bannick Court, Canning Vale, WA 6155, Australia
----------------------------------------------------------------------------
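
Added example (not part of the original post): a small Python parser for ipchains "Packet log" lines like the one quoted above. It decodes the fields and groups the denied destination ports by source address, so a multi-port sweep stands out from a single probe. The first sample line is the one from the post; the 192.0.2.7 lines are constructed, and the function names are this example's own.

```python
import re

# ipchains log layout: chain, action, interface, IP protocol number, src:port,
# dst:port, L=length, S=TOS, I=IP ID, F=frag flags+offset, T=TTL, SYN, (#rule).
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?P<syn> SYN)?(?: \(#(?P<rule>\d+)\))?"
)
PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}

SAMPLE = [
    # Line from the post, with the e-mail line wrapping undone.
    "May 20 22:27:15 usswa kernel: Packet log: input DENY ppp0 PROTO=6 206.103.12.131:2658 139.130.81.81:21 L=44 S=0x00 I=3586 F=0x4000 T=113 SYN (#40)",
    # Constructed lines: one source touching several ports within seconds.
    "May 20 22:31:02 usswa kernel: Packet log: input DENY ppp0 PROTO=6 192.0.2.7:1044 139.130.81.81:23 L=44 S=0x00 I=101 F=0x4000 T=52 SYN (#40)",
    "May 20 22:31:03 usswa kernel: Packet log: input DENY ppp0 PROTO=6 192.0.2.7:1045 139.130.81.81:111 L=44 S=0x00 I=102 F=0x4000 T=52 SYN (#40)",
    "May 20 22:31:04 usswa kernel: Packet log: input DENY ppp0 PROTO=17 192.0.2.7:1046 139.130.81.81:137 L=78 S=0x00 I=103 F=0x0000 T=52 (#40)",
]

def parse_line(line):
    """Return the decoded fields of one log line, or None if it is not a packet log."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    f = m.groupdict()
    frag = int(f["frag"], 16)
    return {
        "chain": f["chain"], "action": f["action"], "iface": f["iface"],
        "proto": PROTOCOLS.get(int(f["proto"]), f["proto"]),
        "src": f["src"], "sport": int(f["sport"]),
        "dst": f["dst"], "dport": int(f["dport"]),
        "length": int(f["length"]), "ttl": int(f["ttl"]),
        "dont_fragment": bool(frag & 0x4000),  # DF bit of the flags/offset word
        "syn": f["syn"] is not None,           # TCP connection attempt
        "rule": int(f["rule"]) if f["rule"] else None,
    }

def summarize(lines):
    """Map each denied source IP to the sorted destination ports it tried."""
    ports = {}
    for line in lines:
        rec = parse_line(line)
        if rec and rec["action"] in ("DENY", "REJECT"):
            ports.setdefault(rec["src"], set()).add(rec["dport"])
    return {src: sorted(p) for src, p in ports.items()}
```

For the line in the post this gives a TCP SYN to port 21 (FTP) dropped by rule 40 of the input chain; `summarize(SAMPLE)` lists the ports per source.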