[Cialug] Odd log entries on RH7.2 box

Bryan Baker cialug@cialug.org
Mon, 6 Dec 2004 14:49:29 -0600


http://www.fedoralegacy.org/

Though they've dropped all the 7's but 7.3.

On Dec 6, 2004, at 1:40 PM, Dave J. Hala Jr. wrote:
> It's too bad we can't get updates for RH 7.2 and 9.0, those were *great*
> distros.
>
> <whimper><whimper>
>
>
> On Mon, 2004-12-06 at 10:59, David Champion wrote:
>> Is that system all patched up? Is RH 7.2 still even supported? Might be
>> time to update.
>>
>> While no system is totally secure, something as old as RH 7.2 probably
>> has a significantly greater chance of being exploitable.
>>
>> If you haven't already, I'd check for evidence of an intrusion - i.e.
>> run chkrootkit, run "rpm -Va"...
>>
>> -dc
>>
>> timwilson011@mchsi.com wrote:
>>> I was looking through my logs, and I noticed some odd entries.  I am seeing many
>>> ACCEPTed entries from ipchains (over 800 this week) in /var/log/messages.  The
>>> source ports are 0, 3, 8, 11, and 12.  The dest ports are 0, 1, 3, or 13.  I've
>>> looked up these ports at iana.org, but it says port 0, 8, and 12 are reserved or
>>> unassigned (the dest ports of 1 and 13 are tcpmux and daytime).  I don't have
>>> anything running on these ports.  For the ones trying to connect to port 0, all
>>> but 43 came from one of 2 addresses, both of these addresses belong to yahoo.com
>>> (for example, UNKNOWN-217-146-185-137.yahoo.com).  It seems odd to me there
>>> would be access on these ports, especially port 0.  I'm curious if I need to
>>> block any of the dest ports being hit.  Anyone have any ideas, suggestions, or
>>> comments?  Why would these ports be accessed?
>>>
>>> --
>>> Tim W.
>>> _______________________________________________
>>> Cialug mailing list
>>> Cialug@cialug.org
>>> http://cialug.org/mailman/listinfo/cialug
>>>
> -- 
>
> Open Source Information Systems (OSIS)
> Dave J. Hala Jr. <dave@osis.us>
> 641.485.1606
--
Bryan Baker
Technology Advocate
Iowa Legal Aid
Suite 230
1111 9th Street
Des Moines, Ia 50314-2527

(515) 243-2151 (x1635)

http://www.iowalegalaid.org
bbaker@iowalaw.org