lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <1080324601.2145.7.camel@localhost>
From: dan at losangelescomputerhelp.com (Daniel H. Renner)
Subject: Reverse flow RPC?

Hello list,

We're running IPCop v1.4.0a10 on a DHCP ADSL connection.  Snort is the
IDS software installed.

I took a look-see at my firewall log for yesterday and saw four
instances of what appears to be reversed incoming RPC traffic on the Red
(WAN/eth2) side.

I had this sort of a scenario before, but it was reversed port 80
traffic. I Googled to no avail, and I also reported it to this list and
never was able to figure our what the heck causes this type of traffic,
so when it cropped up again I'm still at a loss - any clues?

  Time       Chain      Iface Proto   Source   Src Port   
MAC Address     Destination  Dst Port
21:01:42  NEW not SYN?  eth2  TCP  4.62.174.132  1025 
00:02:3b:01:6b:ed  4.62.xxx.xxx  1820
20:29:44  NEW not SYN?  eth2  TCP  4.62.174.132  1025 
00:02:3b:01:6b:ed  4.62.xxx.xxx  1509
19:57:13  NEW not SYN?  eth2  TCP  4.62.174.132  1025 
00:02:3b:01:6b:ed  4.62.xxx.xxx  1206
19:57:47  NEW not SYN?  eth2  TCP  4.62.174.132  1025 
00:02:3b:01:6b:ed  4.62.xxx.xxx  1966

-- 


TIA,

Dan Renner
President
Los Angeles Computerhelp
http://losangelescomputerhelp.com
818.352.8700



Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ