Gentoo Forums
Intrusion or not ?
vibidoo
Guru


Joined: 27 Nov 2002
Posts: 409

Posted: Thu Jan 09, 2003 8:07 pm    Post subject: Intrusion or not ?

Hello and Happy New Year to all.
To test Snort I activated the basic icmp.rules in snort.conf.

And this morning I found my Windows machine crashed; the Windows machine is behind a Linux firewall box (iptables, just masquerade).

So I opened my alert file on my Linux box and I found this error:


Code:

--------------------------------------------------------------------------------

ICMP PING NMAP [***][Classification: Attempted Information Leak] [Priority: 2]
81.48.36.69 -> my Firewall_Linux IP
ICMP TTL:121 TOS:0x0 ID: 30255 IpLen:20 DgmLen:28
Type:8 Code:0 ID:57346 Seq:49434 ECHO
[Xref => arachnids 162]

--------------------------------------------------------------------------------


After consulting the arachnids database, it should not be considered an attack but may be just active host testing.
But the result is that my Windows machine crashed.
What should I do to investigate more?
And how can a guy attack my machine behind my Linux firewall box?
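As an added example (not part of the original posts and not Snort's own code), the following Python parses the alert in the layout posted above and derives what the logged header fields show about the packet. The destination address 192.0.2.1, the function names and the result keys are assumptions made for the example, and the hop estimate is a heuristic.

```python
import re

# Alert text from the post above. The destination was redacted there, so a
# constructed documentation address (192.0.2.1) stands in for the firewall IP.
SAMPLE_ALERT = """\
ICMP PING NMAP [***][Classification: Attempted Information Leak] [Priority: 2]
81.48.36.69 -> 192.0.2.1
ICMP TTL:121 TOS:0x0 ID: 30255 IpLen:20 DgmLen:28
Type:8 Code:0 ID:57346 Seq:49434 ECHO
[Xref => arachnids 162]
"""

ICMP_ECHO_HEADER_LEN = 8          # type, code, checksum, identifier, sequence
COMMON_INITIAL_TTLS = (32, 64, 128, 255)


def parse_alert(text):
    """Pull the triage-relevant fields out of one alert in the posted layout."""
    fields = {}
    m = re.search(r"^(.*?)\s*\[\*+\]", text, re.M)
    fields["msg"] = m.group(1) if m else None
    m = re.search(r"^(\S+)\s*->\s*(\S+)", text, re.M)
    fields["src"], fields["dst"] = m.groups() if m else (None, None)
    for key, val in re.findall(r"\b(TTL|IpLen|DgmLen|Type|Code):\s*(\d+)", text):
        fields[key] = int(val)
    return fields


def triage(f, firewall_ip):
    """Summarise what the packet was, based only on the logged header fields."""
    initial_ttl = min(t for t in COMMON_INITIAL_TTLS if t >= f["TTL"])
    return {
        "is_echo_request": f["Type"] == 8 and f["Code"] == 0,
        # DgmLen is the whole IP datagram; what is left after both headers
        # is the ICMP payload.
        "payload_len": f["DgmLen"] - f["IpLen"] - ICMP_ECHO_HEADER_LEN,
        # Heuristic: assume the sender started from the nearest common TTL.
        "estimated_hops": initial_ttl - f["TTL"],
        # True means the packet was addressed to the firewall itself.
        "addressed_to_firewall": f["dst"] == firewall_ip,
    }


if __name__ == "__main__":
    alert = parse_alert(SAMPLE_ALERT)
    print(alert)
    print(triage(alert, firewall_ip="192.0.2.1"))
```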
puddpunk
l33t


Joined: 20 Jul 2002
Posts: 681
Location: New Zealand

Posted: Thu Jan 09, 2003 11:03 pm

Windows crashes, to do with internet data or not :)

Seriously though, since your Windows box is running behind a firewall, TCP/IP's design prevents anybody from sending anything to that box, unless the Windows machine initiates the contact.

Windows had a bug in it when it was sent OOB (Out Of Band) data which caused a BSOD. That was nuking and back in the days of Win95, and I wouldn't be surprised if something else had triggered a crash by accident.
vibidoo
Guru


Joined: 27 Nov 2002
Posts: 409

Posted: Fri Jan 10, 2003 11:31 am

Could you tell me where I can find a list of ports subject to trojans?

Because there is somebody who always initiates a connection on port 4662 of my firewall box.
puddpunk
l33t


Joined: 20 Jul 2002
Posts: 681
Location: New Zealand

Posted: Fri Jan 10, 2003 11:40 pm

It's a port open for eDonkey filesharing. See here
All times are GMT