Re: hacked.e-microsoft.net attacks!!!

On Saturday 10 September 2005 03:40, Opesh Alkara wrote:

> I am getting some strange attacks on my gateway-firewall...here
> is the scrap of the tcpdump command that displays the traffic
> transaction on my gateway/firewall:
>
> [root@Firewall root]# tcpdump -i eth0 | grep microsoft
> tcpdump: listening on eth0
> 14:45:46.636128 188.26.25.111.1796 > hacked.e-microsoft.net.http:
> S 1395392512:1395392512(0) win 16384
> 14:45:47.136837 188.26.25.112.1217 > hacked.e-microsoft.net.http:
> S 40173568:40173568(0) win 16384
> 14:45:47.637597 188.26.25.113.1271 > hacked.e-microsoft.net.http:
> S 2122645504:2122645504(0) win 16384

The incrementing 188.26.25.... addresses seem to be unallocated.  
Possibly a spoofed source IP address trying to locate/infect a 
vulnerable http port.

Is your own DNS resolving your machine/network as 
"hacked.e-microsoft.net"?  I get NXDOMAIN here.

$ host e-microsoft.net
Host e-microsoft.net not found: 3(NXDOMAIN)


Regards, Mike Klinke

-- 
redhat-list mailing list
unsubscribe mailto:redhat-list-request@xxxxxxxxxx?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
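
As an added example (not part of the original thread): a Python sketch that parses tcpdump's older text output, as quoted above, and flags runs of SYNs to one destination whose source addresses increment by one, the pattern noted in the reply. The function names and the 192.0.2.10 / www.example.com line are constructed for illustration, and the parser assumes source addresses are printed numerically.

```python
import re
from datetime import datetime
from ipaddress import IPv4Address

# The three lines quoted in the post (wrapped lines rejoined), plus one
# constructed, unrelated SYN (192.0.2.10 -> www.example.com) for contrast.
SAMPLE = """\
14:45:46.636128 188.26.25.111.1796 > hacked.e-microsoft.net.http: S 1395392512:1395392512(0) win 16384
14:45:47.136837 188.26.25.112.1217 > hacked.e-microsoft.net.http: S 40173568:40173568(0) win 16384
14:45:47.400000 192.0.2.10.40000 > www.example.com.http: S 1000:1000(0) win 5840
14:45:47.637597 188.26.25.113.1271 > hacked.e-microsoft.net.http: S 2122645504:2122645504(0) win 16384
"""

# Old-style tcpdump text: time, numeric src IP, src port, dst.service, SYN flag.
LINE = re.compile(
    r"^(\d\d:\d\d:\d\d\.\d+) (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\S+): S ")


def parse_syns(text):
    """Yield (seconds, src_ip, dst) for each SYN that carries no ACK."""
    for line in text.splitlines():
        m = LINE.match(line)
        if not m or " ack " in line:
            continue
        t = datetime.strptime(m.group(1), "%H:%M:%S.%f")
        secs = t.hour * 3600 + t.minute * 60 + t.second + t.microsecond / 1e6
        yield secs, IPv4Address(m.group(2)), m.group(4)


def sequential_runs(text, min_run=3):
    """Report runs of SYNs to one destination whose sources increment by 1."""
    by_dst = {}
    for secs, src, dst in parse_syns(text):
        by_dst.setdefault(dst, []).append((secs, src))
    findings = []
    for dst, pkts in by_dst.items():
        run = [pkts[0]]
        for pkt in pkts[1:] + [None]:  # None flushes the final run
            if pkt and int(pkt[1]) == int(run[-1][1]) + 1:
                run.append(pkt)
                continue
            if len(run) >= min_run:
                gaps = [b[0] - a[0] for a, b in zip(run, run[1:])]
                findings.append({
                    "dst": dst, "count": len(run),
                    "first": str(run[0][1]), "last": str(run[-1][1]),
                    "mean_gap_s": round(sum(gaps) / len(gaps), 3)})
            run = [pkt] if pkt else []
    return findings


if __name__ == "__main__":
    for f in sequential_runs(SAMPLE):
        print(f)
```

Capturing with `tcpdump -n` keeps both endpoints numeric, so the same parser can be pointed at the destination address rather than a reverse-resolved name.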
