LinuxQuestions.org


lpallard 11-10-2012 05:46 PM

Possible hacker attack?
 
Hi all!

I was looking for some kernel error messages in my Slackware server and I was surprised to see these messages in dmesg:

Code:

TCP: Peer 189.141.13.73:40859/48049 unexpectedly shrunk window 716235042:716237814 (repaired)
TCP: Peer 189.141.13.73:40859/48049 unexpectedly shrunk window 722205812:722207129 (repaired)
TCP: Peer 189.141.13.73:40859/48049 unexpectedly shrunk window 722205812:722207129 (repaired)
TCP: Peer 189.141.13.73:40859/48049 unexpectedly shrunk window 722205812:722207129 (repaired)
TCP: Peer 189.141.13.73:40859/48049 unexpectedly shrunk window 722205812:722207129 (repaired)
TCP: Peer 189.141.13.73:40859/48049 unexpectedly shrunk window 722205812:722207129 (repaired)
TCP: Peer 189.141.13.73:40859/48049 unexpectedly shrunk window 722245016:722246583 (repaired)
TCP: Peer 189.141.13.73:40859/48049 unexpectedly shrunk window 722245016:722246583 (repaired)
TCP: Peer 189.141.13.73:40859/48049 unexpectedly shrunk window 722245016:722246583 (repaired)
TCP: Peer 189.141.13.73:40859/48049 unexpectedly shrunk window 722245016:722246583 (repaired)
TCP: Peer 189.141.13.73:40859/48049 unexpectedly shrunk window 722245016:722246583 (repaired)
TCP: Peer 189.141.13.73:40859/48049 unexpectedly shrunk window 722245016:722246583 (repaired)
TCP: Peer 189.141.13.73:40859/48049 unexpectedly shrunk window 722950428:722951760 (repaired)
TCP: Peer 189.141.13.73:40859/48049 unexpectedly shrunk window 722989632:722990640 (repaired)

This IP is NOT from any clients I am using (all my internal clients use 192.168...), and my network is supposedly isolated from the WAN side...

First of all, what does it mean, and second, have I been attacked by a Mexican hacker? According to http://iplocation.truevue.org/189.141.13.73.html, the IP would be located somewhere in Mexico.

In my pfSense router (using Snort, Squidguard & firewall active), I see these lines in the firewall logs:

Code:

Nov 10 18:45:52        pf: 189.141.13.73.61905 > 24.212.252.21.6970: UDP, length 30
Nov 10 18:45:49        pf: 189.141.13.73.61905 > 24.212.252.21.6970: UDP, length 30
Nov 10 18:41:28        pf: 189.141.13.73.61905 > 24.212.252.21.6970: UDP, length 30
Nov 10 18:41:24        pf: 189.141.13.73.61905 > 24.212.252.21.6970: UDP, length 30
Nov 10 18:40:04        pf: 189.141.13.73.61905 > 24.212.252.21.6970: UDP, length 30
Nov 10 18:40:01        pf: 189.141.13.73.61905 > 24.212.252.21.6970: UDP, length 30
Nov 10 18:38:52        pf: 189.141.13.73.61905 > 24.212.252.21.6970: UDP, length 30
Nov 10 18:38:49        pf: 189.141.13.73.61905 > 24.212.252.21.6970: UDP, length 30
Nov 10 18:22:15        pf: 189.141.13.73.61905 > 24.212.252.21.6970: UDP, length 30
Nov 10 18:22:12        pf: 189.141.13.73.61905 > 24.212.252.21.6970: UDP, length 30
Nov 10 18:17:50        pf: 189.141.13.73.61905 > 24.212.252.21.6970: UDP, length 30
Nov 10 18:17:47        pf: 189.141.13.73.61905 > 24.212.252.21.6970: UDP, length 30
Nov 10 18:16:30        pf: 189.141.13.73.61905 > 24.212.252.21.6970: UDP, length 30
Nov 10 18:16:26        pf: 189.141.13.73.61905 > 24.212.252.21.6970: UDP, length 30
Nov 10 18:11:15        pf: 189.141.13.73.61905 > 24.212.252.21.6970: UDP, length 30
Nov 10 18:11:13        pf: 189.141.13.73.61905 > 24.212.252.21.6970: UDP, length 30
Nov 10 18:07:01        pf: 189.141.13.73.61905 > 24.212.252.21.6970: UDP, length 30
Nov 10 18:06:55        pf: 189.141.13.73.61905 > 24.212.252.21.6970: UDP, length 30

I'd like to have some insight...

Thanks!!!
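
An added example, not part of the original post: a small triage script that groups the two log excerpts above by remote address so a single peer's TCP and firewall activity can be read side by side. The sample lines are constructed from the excerpts in the post; the function name `correlate` is hypothetical, and the reading of the kernel line as peer address:peer port/local port followed by the socket's `snd_una:snd_nxt` sequence numbers is based on the kernel's format string for this message, not on anything stated in the thread.

```python
import re
from collections import defaultdict

# Constructed sample input, shaped like the two log excerpts in the post.
DMESG = """\
TCP: Peer 189.141.13.73:40859/48049 unexpectedly shrunk window 716235042:716237814 (repaired)
TCP: Peer 189.141.13.73:40859/48049 unexpectedly shrunk window 722205812:722207129 (repaired)
TCP: Peer 189.141.13.73:40859/48049 unexpectedly shrunk window 722205812:722207129 (repaired)
"""
PF = """\
Nov 10 18:45:52        pf: 189.141.13.73.61905 > 24.212.252.21.6970: UDP, length 30
Nov 10 18:45:49        pf: 189.141.13.73.61905 > 24.212.252.21.6970: UDP, length 30
"""

# Kernel line: peer address, peer port, local port, then snd_una:snd_nxt
# (assumed field meaning, see the lead-in).
KERN_RE = re.compile(r"TCP: Peer (\d+\.\d+\.\d+\.\d+):(\d+)/(\d+) "
                     r"unexpectedly shrunk window (\d+):(\d+)")
# Firewall line: source.port > destination.port: protocol
PF_RE = re.compile(r"pf: (\d+\.\d+\.\d+\.\d+)\.(\d+) > "
                   r"(\d+\.\d+\.\d+\.\d+)\.(\d+): (\w+)")

def correlate(dmesg_text, pf_text):
    """Group both logs by remote IP so one peer's activity is seen together."""
    peers = defaultdict(lambda: {"tcp_flows": set(), "max_unacked": 0,
                                 "events": 0, "pf_flows": set()})
    for m in KERN_RE.finditer(dmesg_text):
        ip, rport, lport, una, nxt = m.groups()
        p = peers[ip]
        p["events"] += 1
        # A local port here means the server itself holds a TCP socket to the peer.
        p["tcp_flows"].add((int(rport), int(lport)))
        # 32-bit sequence arithmetic: bytes sent but not yet acknowledged.
        p["max_unacked"] = max(p["max_unacked"], (int(nxt) - int(una)) % 2**32)
    for m in PF_RE.finditer(pf_text):
        src, sport, dst, dport, proto = m.groups()
        peers[src]["pf_flows"].add((proto, int(sport), dst, int(dport)))
    return dict(peers)

if __name__ == "__main__":
    for ip, p in correlate(DMESG, PF).items():
        print(ip, "kernel events:", p["events"],
              "tcp (peer port, local port):", sorted(p["tcp_flows"]),
              "max unacked bytes:", p["max_unacked"])
        print("  firewall entries:", sorted(p["pf_flows"]))
```

The local port from the kernel line can then be matched against the server's own socket list to find which process owns the connection.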

unSpawn 11-10-2012 06:44 PM

Quote:

Originally Posted by lpallard (Post 4826710)
what does it mean

http://www.linuxquestions.org/questi...2/#post3645782

lpallard 11-10-2012 06:47 PM

So I take that I shouldn't worry about that?

Nobody drinking tequila tried to hack my computers?

It's just that it is the first time I see this in dmesg and I've been running this server for 3 years now...


All times are GMT -5.