kernel intrusion

New Poster
bobby_laddo
Posts: 1
Registered: ‎22-08-2013

by bobby_laddo New Poster
Message 1 of 3 (1,226 Views)

I see a lot of attacks on my WAN interface; looks like it's from behind a proxy.

 

Aug 22 18:26:42 user alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= src=200.206.118.190 DST=27.252.142.103 LEN=52 TOS=0x00 PREC=0x00 TTL=107 ID=16949 DF PROTO=TCP SPT=52893 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
Aug 22 19:25:37 syslog info -- MARK --
Aug 22 19:26:01 user alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= src=216.158.78.88 DST=27.252.142.103 LEN=64 TOS=0x00 PREC=0x00 TTL=117 ID=65535 DF PROTO=TCP SPT=4445 DPT=135 WINDOW=65535 RES=0x00 SYN URGP=0
Aug 22 19:42:37 user alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= src=77.102.248.207 DST=27.252.142.103 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=5262 DF PROTO=TCP SPT=55149 DPT=11779 WINDOW=8192 RES=0x00 SYN URGP=0
Aug 22 19:42:40 user alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= src=77.102.248.207 DST=27.252.142.103 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=9885 DF PROTO=TCP SPT=55149 DPT=11779 WINDOW=8192 RES=0x00 SYN URGP=0
Aug 22 19:42:46 user alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= src=77.102.248.207 DST=27.252.142.103 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=18249 DF PROTO=TCP SPT=55149 DPT=11779 WINDOW=8192 RES=0x00 SYN URGP=0
Aug 22 19:43:35 user alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= src=27.252.98.74 DST=27.252.142.103 LEN=52 TOS=0x00 PREC=0x00 TTL=59 ID=9125 DF PROTO=TCP SPT=13502 DPT=135 WINDOW=60352 RES=0x00 SYN URGP=0
Aug 22 19:46:31 user alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= src=222.186.13.12 DST=27.252.142.103 LEN=40 TOS=0x00 PREC=0x00 TTL=98 ID=256 PROTO=TCP SPT=6000 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Aug 22 19:55:14 user alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= src=142.4.38.61 DST=27.252.142.103 LEN=40 TOS=0x00 PREC=0x00 TTL=109 ID=256 PROTO=TCP SPT=6000 DPT=3306 WINDOW=16384 RES=0x00 SYN URGP=0
Aug 22 20:18:30 user alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= src=108.62.109.159 DST=27.252.142.103 LEN=40 TOS=0x00 PREC=0x00 TTL=110 ID=256 PROTO=TCP SPT=6000 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
Aug 22 20:23:26 user alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= src=115.28.10.50 DST=27.252.142.103 LEN=40 TOS=0x00 PREC=0x00 TTL=99 ID=256 PROTO=TCP SPT=6000 DPT=18186 WINDOW=16384 RES=0x00 SYN URGP=0
Aug 22 20:25:26 user alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= src=37.247.36.88 DST=27.252.142.103 LEN=60 TOS=0x00 PREC=0x00 TTL=48 ID=40383 DF PROTO=TCP SPT=61180 DPT=443 WINDOW=7300 RES=0x00 SYN URGP=0
Aug 22 20:25:37 syslog info -- MARK --
Moderator
Lon
Posts: 675
Registered: ‎01-03-2012

Re: kernel intrusion

by Moderator Moderator
Message 2 of 3 (1,166 Views)

Are you seeing unusually large volumes of bandwidth usage on your account? Those alerts seem pretty normal; I can't really see anything terribly worrisome, to be honest. As long as your modem is rejecting the requests and you are not affected by throughput issues, I wouldn't worry too much about this.

 

Lon Sherrard
Community Moderator
Digital & Social Media
Vodafone New Zealand Ltd.
Email: onlinecare@vodafone.com
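
A way to triage a log in the format posted in the question, as an added example that is not part of the thread or any poster's code. The sample lines are constructed (RFC 5737 documentation addresses), and the names `parse`, `triage` and `SERVICES` are this example's own; it assumes TCP lines carrying `SPT`/`DPT` fields.

```python
import re
from collections import Counter

# Constructed sample in the format of the log above (RFC 5737 addresses).
SAMPLE = """\
Aug 22 18:26:42 user alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= src=192.0.2.10 DST=203.0.113.5 LEN=52 TTL=107 DF PROTO=TCP SPT=52893 DPT=445 WINDOW=8192 RES=0x00 SYN URGP=0
Aug 22 19:25:37 syslog info -- MARK --
Aug 22 19:42:37useralertkernel: Intrusion -> IN=pppoa0 OUT= MAC= src=198.51.100.7 DST=203.0.113.5 LEN=52 TTL=109 DF PROTO=TCP SPT=55149 DPT=11779 WINDOW=8192 RES=0x00 SYN URGP=0
Aug 22 19:42:40useralertkernel: Intrusion -> IN=pppoa0 OUT= MAC= src=198.51.100.7 DST=203.0.113.5 LEN=52 TTL=109 DF PROTO=TCP SPT=55149 DPT=11779 WINDOW=8192 RES=0x00 SYN URGP=0
Aug 22 19:42:46 user alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= src=198.51.100.7 DST=203.0.113.5 LEN=48 TTL=109 DF PROTO=TCP SPT=55149 DPT=11779 WINDOW=8192 RES=0x00 SYN URGP=0
Aug 22 19:46:31 user alert kernel: Intrusion -> IN=pppoa0 OUT= MAC= src=192.0.2.99 DST=203.0.113.5 LEN=40 TTL=98 PROTO=TCP SPT=6000 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
"""

KV = re.compile(r"(\w+)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}
SERVICES = {135: "MS RPC", 445: "SMB", 1433: "MS SQL", 3306: "MySQL"}

def parse(line):
    """Parse one 'Intrusion ->' line into a dict; None for MARK and other lines."""
    _, sep, body = line.partition("Intrusion ->")  # ignores the syslog prefix
    if not sep:
        return None
    rec = {k.upper(): v for k, v in KV.findall(body)}  # src= is lowercase here
    rec["FLAGS"] = TCP_FLAGS & set(body.split())
    return rec if "DPT" in rec else None  # skip lines without ports

def triage(text):
    """Return (packets per destination port, retried flows, non-SYN packets)."""
    ports, flows, odd = Counter(), Counter(), []
    for rec in filter(None, map(parse, text.splitlines())):
        ports[int(rec["DPT"])] += 1
        flows[(rec["SRC"], int(rec["SPT"]), int(rec["DPT"]))] += 1
        if rec["FLAGS"] != {"SYN"}:
            odd.append(rec)  # e.g. ACK or RST arriving unsolicited
    # Same source, source port and destination port seen again: a SYN
    # retransmission, so the sender got no reply to the earlier attempt.
    retries = {flow: n for flow, n in flows.items() if n > 1}
    return ports, retries, odd

if __name__ == "__main__":
    ports, retries, odd = triage(SAMPLE)
    for port, n in ports.most_common():
        print(f"dport {port:>5} ({SERVICES.get(port, 'other')}): {n} packet(s)")
    for (src, spt, dpt), n in retries.items():
        print(f"{src}:{spt} -> :{dpt} sent {n} SYNs, no reply seen by sender")
    print(f"packets that are not a bare SYN: {len(odd)}")
```

A log made up of single bare SYNs to common service ports, with repeats showing up only as retransmissions, matches the "modem is rejecting the requests" case described above.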

Ninja Master
johnr
Posts: 19,070
Registered: ‎06-08-2008

Re: kernel intrusion

by Ninja Master Ninja Master
Message 3 of 3 (1,159 Views)

attack that is not an attack

I volunteer my time here on the community helping out; not an official member of the social media team.

John Reader | Systems Engineer | Vodafone NZ | +6421323505