[sclug] Gumpf in logcheck

Luke Hinds lukehinds at gmail.com
Tue Jun 17 15:44:36 UTC 2008


eletrohosting.com.br (contatos at eletrohosting.com.br) is sending you
SYN requests to initiate a connection to
89.127.144.227 (your public interface?) port 32000 (which as far as I can
tell is normally used by a Java service wrapper)

It looks like you have a DENY in place for 32000 so no connection could be
established and thus no SYN-ACK is replied.

Judging by the fair sized timestamp intervals it looks harmless (but don't
quote me on that!)

If the tempo of requests were higher it could be deemed a syn flood;

http://en.wikipedia.org/wiki/SYN_flood

Luke


On Tue, Jun 17, 2008 at 4:21 PM, Tim Sutton <tim at linfiniti.com> wrote:

> Hi all
>
> Every hour logcheck sends me an email report. For the most part I get
> stuff like this:
>
> Jun 17 02:04:08 linfiniti kernel: IN=eth0 OUT= MAC=00:13:20:17:d8:bb:00:1c:58:31:53:7f:08:00 SRC=64.246.48.73 DST=89.127.144.227 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=4954 DF PROTO=TCP SPT=1780 DPT=32000 WINDOW=65535 RES=0x00 SYN URGP=0
> Jun 17 02:04:11 linfiniti kernel: IN=eth0 OUT= MAC=00:13:20:17:d8:bb:00:1c:58:31:53:7f:08:00 SRC=64.246.48.73 DST=89.127.144.226 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=7454 DF PROTO=TCP SPT=1779 DPT=32000 WINDOW=65535 RES=0x00 SYN URGP=0
> Jun 17 02:42:27 linfiniti kernel: IN=eth0 OUT= MAC=00:13:20:17:d8:bb:00:1c:58:31:53:7f:08:00 SRC=222.1.40.116 DST=89.127.144.227 LEN=404 TOS=0x00 PREC=0x00 TTL=108 ID=64061 PROTO=UDP SPT=1100 DPT=1434 LEN=384
>
> My questions are:
>
> 1) What do they mean (in plain English)?
>
> 2) If they are no cause for concern, how can I get rid of them? I
> googled the subject and one option seems to be to use iptable_drop.
> This seems to be a kernel module, unavailable in apt, and I don't want
> to start mucking around with the kernel on my production Debian server.
>
> I'm hoping to pare down the logcheck reports to include just things I
> should actually be concerned about... or maybe that's exactly what it's
> doing...
>
>
> Thanks!
>
> Regards
>
>
>
> --
> Tim Sutton
> QGIS Project Steering Committee Member - Release Manager
> Visit http://qgis.org for a great open source GIS
> openModeller Desktop Developer
> Visit http://openModeller.sf.net for a great open source ecological
> niche modelling tool
> Home Page: http://tim.linfiniti.com
> Skype: timlinux
> Irc: timlinux on #qgis at freenode.net
>
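The thread explains the fields of these netfilter LOG lines by hand and judges the SYN traffic by the gaps between timestamps. The following Python script is an added example, not code from either poster or from logcheck: it parses the three lines quoted above (embedded here as constructed sample input, re-joined onto one line each), prints a plain-English summary of each entry, measures the inter-arrival gaps per source the way Luke's reasoning does, and emits a logcheck-style ignore pattern for a given destination port. The `window_seconds`/`threshold` values and the `/etc/logcheck/ignore.d.server/` path in the comment are assumptions for illustration, not settings taken from the thread.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample input: the three kernel LOG lines quoted in the thread,
# each restored to a single line as the kernel writes them.
SAMPLE_LOG = """\
Jun 17 02:04:08 linfiniti kernel: IN=eth0 OUT= MAC=00:13:20:17:d8:bb:00:1c:58:31:53:7f:08:00 SRC=64.246.48.73 DST=89.127.144.227 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=4954 DF PROTO=TCP SPT=1780 DPT=32000 WINDOW=65535 RES=0x00 SYN URGP=0
Jun 17 02:04:11 linfiniti kernel: IN=eth0 OUT= MAC=00:13:20:17:d8:bb:00:1c:58:31:53:7f:08:00 SRC=64.246.48.73 DST=89.127.144.226 LEN=52 TOS=0x00 PREC=0x00 TTL=63 ID=7454 DF PROTO=TCP SPT=1779 DPT=32000 WINDOW=65535 RES=0x00 SYN URGP=0
Jun 17 02:42:27 linfiniti kernel: IN=eth0 OUT= MAC=00:13:20:17:d8:bb:00:1c:58:31:53:7f:08:00 SRC=222.1.40.116 DST=89.127.144.227 LEN=404 TOS=0x00 PREC=0x00 TTL=108 ID=64061 PROTO=UDP SPT=1100 DPT=1434 LEN=384
"""

# syslog prefix: "Mon DD HH:MM:SS host kernel: <netfilter key=value tokens>"
LINE_RE = re.compile(r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: (?P<rest>.*)$")


def parse_line(line, year=2008):
    """Turn one netfilter LOG line into a dict of key=value fields plus a set of bare flags."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = {"flags": set()}
    for tok in m.group("rest").split():
        if "=" in tok:
            key, val = tok.split("=", 1)
            # UDP entries carry LEN twice: IP total length first, then UDP length.
            if key in fields:
                key = "UDP_" + key
            fields[key] = val
        else:
            fields["flags"].add(tok)  # DF, SYN, ACK, ... appear as bare words
    # syslog omits the year; the caller supplies it (2008 for this thread)
    stamp = re.sub(r" +", " ", m.group("ts"))
    fields["ts"] = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    fields["host"] = m.group("host")
    return fields


def parse_log(text, year=2008):
    return [e for e in (parse_line(l, year) for l in text.splitlines()) if e]


def describe(e):
    """Plain-English one-liner: what arrived, from where, to which local port."""
    if e.get("PROTO") == "TCP" and "SYN" in e["flags"] and "ACK" not in e["flags"]:
        kind = "TCP connection attempt (SYN, no reply sent)"
    elif e.get("PROTO") == "UDP":
        kind = f"UDP datagram of {e.get('UDP_LEN', '?')} bytes"
    else:
        kind = f"{e.get('PROTO', '?')} packet"
    return f"{e['ts']:%b %d %H:%M:%S} {e['SRC']} -> {e['DST']}:{e['DPT']} {kind}, logged on {e['IN']}"


def syn_attempts_by_source(entries, window_seconds=10, threshold=50):
    """Per source: how many SYNs, the smallest gap between them, and the densest
    burst inside any sliding window. Sparse, widely spaced SYNs are the harmless
    pattern Luke describes; a dense burst is what would suggest a SYN flood."""
    per_src = defaultdict(list)
    for e in entries:
        if e.get("PROTO") == "TCP" and "SYN" in e["flags"] and "ACK" not in e["flags"]:
            per_src[e["SRC"]].append(e["ts"])
    report = {}
    for src, times in per_src.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        burst, start = 0, 0
        for end in range(len(times)):  # two-pointer sliding window
            while (times[end] - times[start]).total_seconds() > window_seconds:
                start += 1
            burst = max(burst, end - start + 1)
        verdict = "possible SYN flood" if burst >= threshold else "sporadic probe"
        report[src] = {"count": len(times), "min_gap": min(gaps) if gaps else None,
                       "burst": burst, "verdict": verdict}
    return report


def logcheck_ignore_rule(dport, proto="TCP"):
    """Extended-regex line in the style logcheck reads from its ignore.d.* files
    (assumed location on Debian: /etc/logcheck/ignore.d.server/<name>), matching
    blocked inbound packets to one port so they no longer appear in the hourly report."""
    return (r"^\w{3} [ :[:digit:]]{11} [._[:alnum:]-]+ kernel: IN=[[:alnum:]]+ OUT= "
            r"MAC=[[:xdigit:]:]+ SRC=[.[:digit:]]+ DST=[.[:digit:]]+ .* "
            rf"PROTO={proto} SPT=[[:digit:]]+ DPT={dport} ")


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LOG)
    for e in entries:
        print(describe(e))
    for src, r in syn_attempts_by_source(entries).items():
        print(f"{src}: {r['count']} SYNs, min gap {r['min_gap']}s, burst {r['burst']} -> {r['verdict']}")
    print("logcheck ignore rule for port 32000:", logcheck_ignore_rule(32000))
```

Run against the real log (`parse_log(open('/var/log/kern.log').read())`) the report answers question 1 per line and gives a measured basis for question 2: only once a port's traffic is confirmed as blocked and sparse is it reasonable to drop it from the report with an ignore rule, rather than silencing every DPT wholesale.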


