Port 6129 Hits?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Has a new worm popped up using port 6129? I am starting to see a lot of
UNPRIVPORTS to UNPRIVPORTS rejects in my log:

Jan 10 02:28:37 www kernel: unprivil IN=eth0 OUT=
MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=209.74.22.108
DST=192.168.1.95 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=33358 DF PROTO=TCP
SPT=20954 DPT=6129 WINDOW=65535 RES=0x00 SYN URGP=0

Jan 10 08:16:45 www kernel: unprivil IN=eth0 OUT=
MAC=00:d0:09:3d:69:81:00:04:5a:ef:5e:1d:08:00 SRC=193.77.158.81
DST=192.168.1.95 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=4089 DF PROTO=TCP
SPT=2595 DPT=6129 WINDOW=64240 RES=0x00 SYN URGP=0

[$]egrep '192.168.1.95.*6129' /var/log/linksys.log | wc -l
     93







-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

[Index of Archives]     [CentOS]     [Kernel Development]     [PAM]     [Fedora Users]     [Red Hat Development]     [Big List of Linux Books]     [Linux Admin]     [Gimp]     [Asterisk PBX]     [Yosemite News]     [Red Hat Crash Utility]

  Powered by Linux