
#1 2008-03-12 16:31:03

Mulac
Member
Registered: 2008-02-03
Posts: 29

Security issue? (SOLVED - Log message)

At the end of dmesg, I get:

IN=ppp0 OUT= MAC= SRC=128.194.135.81 DST=89.172.41.181 LEN=60 TOS=0x00 PREC=0x00 TTL=104 ID=9868 PROTO=UDP SPT=3397 DPT=53 LEN=40


Never seen anything like this, don't even know what to call it... is it a security issue?


Thx

Last edited by Mulac (2008-03-12 16:59:34)

Offline

#2 2008-03-12 16:45:37

srimalik
Member
Registered: 2007-09-16
Posts: 65

Re: Security issue? (SOLVED - Log message)

This seems to be a log message from one of the TCP/IP stack layers. What made you feel that it's related to security?
Did you install/upgrade anything after which you started seeing this message?

I tried whois on the ip address:

[root@L3-LR893 ~]# whois 128.194.135.81

OrgName:    Texas A&M University
OrgID:      TAMU
Address:    Network Services
Address:    Computing & Information Services
Address:    Mail Stop 3142
City:       College Station
StateProv:  TX
PostalCode: 77843-3142
Country:    US

NetRange:   128.194.0.0 - 128.194.255.255
CIDR:       128.194.0.0/16
#####################

[root@L3-LR893 ~]# whois 89.172.41.181
% This is the RIPE Whois query server #3.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html

% Note: This output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '89.172.32.0 - 89.172.63.255'

inetnum:        89.172.32.0 - 89.172.63.255
netname:        T-HT
descr:          T-Com Croatia Internet network
descr:          Croatian Telecom Inc., Zagreb, Croatia
country:        HR
admin-c:        THT8-RIPE
tech-c:         THT8-RIPE
rev-srv:        dns1.t-com.hr

##############################

Offline

#3 2008-03-12 16:54:59

Mulac
Member
Registered: 2008-02-03
Posts: 29

Re: Security issue? (SOLVED - Log message)

Thx for the quick reply, srimalik.

Actually, after repartitioning the whole hard drive, I made a fresh reinstall of my Arch. After that I saw the output like above. Checked on Shields Up - test passed - all common/service ports appear Stealth. However, because it's the first time I've seen something like that, it made me suspicious that something was going wrong. The first IP address may be used by Skype (I'm running it at the time together with BitTorrent) and the second is my machine's address (provider in Croatia).

I was just confused about what that was. If no security hole - no problem :-)

Thx again




Edited: reason: typo

Last edited by Mulac (2008-03-12 16:55:57)

Offline

#4 2008-03-12 17:17:29

peart
Member
From: Kanuckistan
Registered: 2003-07-28
Posts: 510

Re: Security issue? (SOLVED - Log message)

That message is from iptables.  Someone was trying to use you as a DNS server it would appear, as port 53 is for DNS.  iptables blocked it, so no worries.

Offline
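A parser for the kind of iptables LOG line posted at the top of this thread, as an added example that is not part of any post here. It covers TCP and UDP lines; the `L4_LEN` key name, the `SERVICES` port map and the function names are assumptions made for illustration.

```python
import re

# Log line copied from the first post in this thread.
SAMPLE = ("IN=ppp0 OUT= MAC= SRC=128.194.135.81 DST=89.172.41.181 LEN=60 "
          "TOS=0x00 PREC=0x00 TTL=104 ID=9868 PROTO=UDP SPT=3397 DPT=53 LEN=40")

# KEY=value, KEY= (empty value) or a bare flag such as DF or SYN.
TOKEN = re.compile(r"(\w+)(?:=(\S*))?")
# Small illustrative port map (assumption, not exhaustive).
SERVICES = {22: "ssh", 53: "dns", 80: "http", 123: "ntp", 443: "https"}

def parse_log_line(line):
    """Return the fields of one netfilter LOG line, or None if it is not one."""
    start = line.find("IN=")          # skip dmesg timestamp and any --log-prefix
    if start < 0:
        return None
    fields, flags = {}, []
    for m in TOKEN.finditer(line[start:]):
        key, value = m.group(1), m.group(2)
        if value is None:
            flags.append(key)         # bare token, e.g. DF or a TCP flag
        elif key == "LEN" and "PROTO" in fields:
            fields["L4_LEN"] = value  # second LEN is the UDP length, not the IP length
        else:
            fields[key] = value
    fields["FLAGS"] = flags
    return fields

def summarize(fields):
    """Turn parsed fields into the facts a reader wants from the line."""
    in_if, out_if = fields.get("IN", ""), fields.get("OUT", "")
    if in_if and not out_if:
        direction = "inbound"         # addressed to this host
    elif out_if and not in_if:
        direction = "outbound"        # generated by this host
    else:
        direction = "forwarded"
    dport = int(fields["DPT"]) if "DPT" in fields else None
    return {
        "direction": direction,
        "interface": in_if or out_if,
        "proto": fields.get("PROTO"),
        "src": fields.get("SRC"), "dst": fields.get("DST"),
        "dport": dport,
        "service": SERVICES.get(dport, "unknown"),
    }

if __name__ == "__main__":
    print(summarize(parse_log_line(SAMPLE)))
```

A LOG rule only records that a packet matched; whether the packet was dropped or accepted is decided by the rule that follows it in the ruleset, so check the ruleset to confirm the verdict.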

#5 2008-03-12 17:32:21

Mulac
Member
Registered: 2008-02-03
Posts: 29

Re: Security issue? (SOLVED - Log message)

Thx peart,

good to know that iptables works.

Offline
