So what's all this mean to me?
My department has recently set up a new mail server. My supervisor has the kernel logwatch being forwarded to me and I am unsure of what to make of the output. A lot of it looks like random people trying to poke and prod the box for certain open ports. Now what I am most curious about are entries like these:
Denied packets from vmb-ext.prodigy.net (207.115.63.87).
Port 2305 (tcp,eth0,input): 6 packet(s).
Port 2283 (tcp,eth0,input): 7 packet(s).
Port 2131 (tcp,eth0,input): 8 packet(s).
Port 2238 (tcp,eth0,input): 4 packet(s).
Port 2349 (tcp,eth0,input): 10 packet(s).
Port 2162 (tcp,eth0,input): 9 packet(s).
Port 2206 (tcp,eth0,input): 8 packet(s).
Total of 52 packet(s).
Denied packets from vmg-ext.prodigy.net (207.115.63.93).
Port 2347 (tcp,eth0,input): 10 packet(s).
Port 2160 (tcp,eth0,input): 8 packet(s).
Port 2204 (tcp,eth0,input): 4 packet(s).
Port 2303 (tcp,eth0,input): 8 packet(s).
Port 2281 (tcp,eth0,input): 9 packet(s).
Port 2240 (tcp,eth0,input): 6 packet(s).
Port 2129 (tcp,eth0,input): 8 packet(s).
Total of 53 packet(s).
Denied packets from vmd-ext.prodigy.net (207.115.63.89).
Port 2301 (tcp,eth0,input): 8 packet(s).
Port 2228 (tcp,eth0,input): 6 packet(s).
Port 2335 (tcp,eth0,input): 10 packet(s).
Port 2141 (tcp,eth0,input): 6 packet(s).
Port 2273 (tcp,eth0,input): 8 packet(s).
Port 2214 (tcp,eth0,input): 6 packet(s).
Port 2179 (tcp,eth0,input): 4 packet(s).
Total of 48 packet(s).
Denied packets from vm7-ext.prodigy.net (207.115.63.121).
Port 2338 (tcp,eth0,input): 8 packet(s).
Port 2139 (tcp,eth0,input): 6 packet(s).
Port 2272 (tcp,eth0,input): 6 packet(s).
Port 2217 (tcp,eth0,input): 9 packet(s).
Port 2178 (tcp,eth0,input): 6 packet(s).
Port 2300 (tcp,eth0,input): 9 packet(s).
Port 2227 (tcp,eth0,input): 8 packet(s).
Total of 52 packet(s).
Denied packets from vmi-ext.prodigy.net (207.115.63.96).
Port 2241 (tcp,eth0,input): 8 packet(s).
Port 2181 (tcp,eth0,input): 10 packet(s).
Port 2339 (tcp,eth0,input): 6 packet(s).
Port 2296 (tcp,eth0,input): 8 packet(s).
Port 2208 (tcp,eth0,input): 6 packet(s).
Port 2145 (tcp,eth0,input): 6 packet(s).
Port 2269 (tcp,eth0,input): 8 packet(s).
Total of 52 packet(s).
Denied packets from vmh-ext.prodigy.net (207.115.63.97).
Port 2299 (tcp,eth0,input): 8 packet(s).
Port 2275 (tcp,eth0,input): 9 packet(s).
Port 2216 (tcp,eth0,input): 6 packet(s).
Port 2177 (tcp,eth0,input): 9 packet(s).
Port 2230 (tcp,eth0,input): 6 packet(s).
Port 2337 (tcp,eth0,input): 8 packet(s).
Port 2137 (tcp,eth0,input): 9 packet(s).
Total of 55 packet(s).
And so on... my box has been hit by someone from the 207.115.63 network for the past few days. Are they slowly port scanning me? What should I make of this?
I am also seeing a lot of these as well:
Denied packets from performance-104.sef.pnap.net (63.251.161.104).
Port 0 (icmp,eth0,input): 6 packet(s).
Total of 6 packet(s).
Denied packets from performance-test-67.lax.pnap.net (216.52.254.67).
Port 0 (icmp,eth0,input): 6 packet(s).
Total of 6 packet(s).
Denied packets from performance-test-72.lax.pnap.net (216.52.254.72).
Port 0 (icmp,eth0,input): 6 packet(s).
Total of 6 packet(s).
Denied packets from performance-233.nyc.pnap.net (216.223.48.233).
Port 0 (icmp,eth0,input): 8 packet(s).
Total of 8 packet(s).
Any ideas of what this is all about? I am new to the sysadmin realm and don't know a whole lot about security.
Thanks in advance...
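One way to triage a logwatch "Denied packets" section like the one quoted above, as an added example that is not part of the original post: it collapses the per-host blocks into one row per source network and protocol, so the number of hosts, the number of distinct ports listed, the port range and the packet total can be compared at a glance. The function name `summarize`, the /24 grouping and the abridged sample are assumptions made for this example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: a few lines abridged from the logwatch output quoted in
# the post, with the "Total" lines recomputed for the shortened blocks.
SAMPLE = """\
Denied packets from vmb-ext.prodigy.net (207.115.63.87).
Port 2305 (tcp,eth0,input): 6 packet(s).
Port 2283 (tcp,eth0,input): 7 packet(s).
Total of 13 packet(s).
Denied packets from vmg-ext.prodigy.net (207.115.63.93).
Port 2347 (tcp,eth0,input): 10 packet(s).
Total of 10 packet(s).
Denied packets from performance-104.sef.pnap.net (63.251.161.104).
Port 0 (icmp,eth0,input): 6 packet(s).
Total of 6 packet(s).
"""

HOST_RE = re.compile(r"Denied packets from \S+ \((\d{1,3}(?:\.\d{1,3}){3})\)\.")
PORT_RE = re.compile(r"Port (\d+) \((\w+),\w+,\w+\): (\d+) packet\(s\)\.")


def summarize(text, prefix=24):
    """Return rows (network, proto, hosts, distinct_ports, low, high, packets)."""
    groups = defaultdict(lambda: {"hosts": set(), "ports": set(), "packets": 0})
    ip = None
    for line in text.splitlines():
        line = line.strip()
        host = HOST_RE.match(line)
        if host:
            ip = host.group(1)  # following "Port" lines belong to this source
            continue
        port = PORT_RE.match(line)
        if port and ip:
            net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
            g = groups[(str(net), port.group(2))]
            g["hosts"].add(ip)
            g["ports"].add(int(port.group(1)))
            g["packets"] += int(port.group(3))
    rows = [
        (net, proto, len(g["hosts"]), len(g["ports"]),
         min(g["ports"]), max(g["ports"]), g["packets"])
        for (net, proto), g in groups.items()
    ]
    # Busiest source network first
    return sorted(rows, key=lambda r: r[-1], reverse=True)


if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print("%-18s %-4s hosts=%d ports=%d range=%d-%d packets=%d" % row)
```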