hi!
I'm attaching a file containing excerpts from my
syslog.
Wanted to generate some discussion regarding
interpretation of the entries....
FYI, I'm behind a proxy server. I've got iptables
running.
You can look at the file first, and then read on..
my two cents..
This is a malicious attempt, not innocent at all!!
Hint: same destination and source ports...
Most certainly, the source IPs are spoofed; the
attacker is within the LAN that I'm part of.
Hint: packet with a destination of all 255s...
I've also got snort running on the same machine... it
didn't generate any alerts...
Does anyone recognise any particular scanner's
signature here?
Anyone know what particular exploit(s) this guy was
looking for?
Inviting more inputs from you guys.
regards,
kishor