From: Ernie G. <ern...@ho...> - 2008-03-31 21:46:15
|
I have pages of log entries that look like this: 23:29:41kernelNEW not SYN? IN=eth0 OUT=eth2 SRC=192.168.2.11 DST=216.155.193.179 LEN=85 TOS=0x 00 PREC=0x00 TTL=63 ID=17979 DF PROTO=TCP SPT=36409 DPT=5050 WINDOW=413 RES=0x00 ACK PSH URGP=0 23:29:37kernelNEW not SYN? IN=eth0 OUT=eth2 SRC=192.168.2.11 DST=207.46.106.61 LEN=57 TOS=0x00 PREC=0x00 TTL=63 ID=33447 DF PROTO=TCP SPT=40099 DPT=1863 WINDOW=1212 RES=0x00 ACK PSH URGP=0 23:28:44kernelNEW not SYN? IN=eth0 OUT=eth2 SRC=192.168.2.11 DST=216.155.193.179 LEN=85 TOS=0x 00 PREC=0x00 TTL=63 ID=17978 DF PROTO=TCP SPT=36409 DPT=5050 WINDOW=413 RES=0x00 ACK PSH URGP=0 23:28:43kernelNEW not SYN? IN=eth0 OUT=eth2 SRC=192.168.2.11 DST=207.46.106.61 LEN=57 TOS=0x00 PREC=0x00 TTL=63 ID=33446 DF PROTO=TCP SPT=40099 DPT=1863 WINDOW=1212 RES=0x00 ACK PSH URGP=0 23:28:16kernelNEW not SYN? IN=eth0 OUT=eth2 SRC=192.168.2.11 DST=207.46.106.61 LEN=57 TOS=0x00 PREC=0x00 TTL=63 ID=33445 DF PROTO=TCP SPT=40099 DPT=1863 WINDOW=1212 RES=0x00 ACK PSH URGP=0 23:28:15kernelNEW not SYN? IN=eth0 OUT=eth2 SRC=192.168.2.11 DST=216.155.193.179 LEN=85 TOS=0x 00 PREC=0x00 TTL=63 ID=17977 DF PROTO=TCP SPT=36409 DPT=5050 WINDOW=413 RES=0x00 ACK PSH URGP=0 23:28:01kernelNEW not SYN? IN=eth0 OUT=eth2 SRC=192.168.2.11 DST=216.155.193.179 LEN=85 TOS=0x 00 PREC=0x00 TTL=63 ID=17976 DF PROTO=TCP SPT=36409 DPT=5050 WINDOW=413 RES=0x00 ACK PSH URGP=0 23:27:54kernelNEW not SYN? IN=eth0 OUT=eth2 SRC=192.168.2.11 DST=216.155.193.179 LEN=85 TOS=0x 00 PREC=0x00 TTL=63 ID=17975 DF PROTO=TCP SPT=36409 DPT=5050 WINDOW=413 RES=0x00 ACK PSH URGP=0 Is this some kind of attack? Is there something I can/should do about it? Thanks. Ernie Grossmann _________________________________________________________________ Test your Star IQ http://club.live.com/red_carpet_reveal.aspx?icid=redcarpet_HMTAGMAR |