Hi! I'm attaching a file containing excerpts from my syslog. Wanted to generate some discussion regarding interpretation of the entries... FYI, I'm behind a proxy server. I've got iptables running. You can look at the file first, and then read on.
My two cents: this is a malicious attempt, not innocent at all!! Hint: same destination and source ports...
Most certainly, the source IPs are spoofed; the attacker is within the LAN that I'm part of. Hint: packet with a destination of all 255s...
I've also got snort running on the same machine... it didn't generate any alerts.
Does anyone recognise any particular scanner's signature here? Anyone know what particular exploit(s) this guy was looking for? Inviting more inputs from you guys.
regards, kishor
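The two traits the post points to (identical source and destination ports, and a destination of all 255s) can be pulled out of iptables LOG entries mechanically. The following is an added example, not part of the original post: the log lines are constructed in the iptables LOG target's format because the attachment is not on this page, and the function names are hypothetical.

```python
import re

# Constructed sample lines in the iptables LOG target's kernel format
# (not taken from the poster's attachment, which is not on this page).
SAMPLE = """\
Dec 20 10:01:02 host kernel: IN=eth0 OUT= SRC=10.1.2.3 DST=255.255.255.255 LEN=78 TTL=128 PROTO=UDP SPT=137 DPT=137 LEN=58
Dec 20 10:01:05 host kernel: IN=eth0 OUT= SRC=192.0.2.7 DST=10.1.2.9 LEN=40 TTL=52 PROTO=TCP SPT=53 DPT=53 WINDOW=512 SYN
Dec 20 10:01:09 host kernel: IN=eth0 OUT= SRC=10.1.2.4 DST=10.1.2.9 LEN=60 TTL=64 PROTO=TCP SPT=40112 DPT=22 WINDOW=5840 SYN
Dec 20 10:01:11 host kernel: IN=eth0 OUT= SRC=10.1.2.4 DST=10.1.2.9 LEN=84 TTL=64 PROTO=ICMP TYPE=8 CODE=0
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse(line):
    """Return the KEY=value fields of one iptables LOG line."""
    fields = {}
    for key, value in FIELD.findall(line):
        # LEN appears twice on UDP lines; keep the first (IP total length).
        fields.setdefault(key, value)
    return fields

def flags(fields):
    """Name the traits from the post that this packet shows."""
    out = []
    spt, dpt = fields.get("SPT"), fields.get("DPT")
    if spt is not None and spt == dpt:          # ICMP lines carry no ports
        out.append("same-port")
    if fields.get("DST") == "255.255.255.255":  # limited broadcast
        out.append("broadcast-dst")
    return out

def triage(text):
    """Return (src, dst, proto, port, flags) for every flagged packet."""
    rows = []
    for line in text.splitlines():
        f = parse(line)
        if "SRC" not in f:      # not a packet log entry
            continue
        hit = flags(f)
        if hit:
            rows.append((f["SRC"], f["DST"], f.get("PROTO"), f.get("SPT"), hit))
    return rows

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```

Both flags are triage signals rather than verdicts: some ordinary LAN traffic, such as NetBIOS name service broadcasts on UDP 137, matches them too, so each hit still needs the surrounding entries read in context.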