  1. #1

    IN_TCP DROP ... eth0,none

    Been running a dedicated server for a while, this is the first time I've seen the following entries in my logs ... is this someone probing my system for an open relay, an incipient DDoS attack, or something else? If so, aside from some iptables magic and/or blocking the errant IPs outright, what other countermeasures would you suggest?

     --------------------- Kernel Begin ------------------------
    Dropped 14 packets on interface eth0
       From - 10 packets
          To - 10 packets
             Service: smtp (tcp/25) (** IN_TCP DROP **,eth0,none) - 10 packets
       From - 1 packet
          To - 1 packet
             Service: 1458 (tcp/1458) (** IN_TCP DROP **,eth0,none) - 1 packet
       From - 3 packets
          To - 3 packets
             Service: smtp (tcp/25) (** IN_TCP DROP **,eth0,none) - 3 packets
     ---------------------- Kernel End -------------------------
    Note: I've obfuscated my IP ranges ( ... 79).

  2. #2
    It looks to me like a port scan to find an open relay.

    You know, the type of crap done by spammers who want to abuse your box to spew their stuff.

    It also looks like our firewall dropped the connection like it was supposed to ... but don't take my word for it. Do your own tests! If you don't have any, then I suggest a visit to your bookstore and the associated website Hacking Exposed.

    That will get you started with tests, threat assessment levels and countermeasures.
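A first "own test" is to read the summary the firewall already produces. The script below is an added example, not code from either poster: it parses a logwatch-style kernel drop summary in the format quoted in post #1, totals dropped packets per service, and flags tcp/25 when several distinct sources hit it, which is the relay-scan pattern post #2 describes. The summary text and its 192.0.2.x / 198.51.100.x / 203.0.113.x addresses are constructed (documentation ranges standing in for the obfuscated ones); the threshold of two sources is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the summary in post #1; addresses are
# documentation ranges, not real hosts.
SAMPLE = """\
 --------------------- Kernel Begin ------------------------
Dropped 14 packets on interface eth0
   From 192.0.2.44 - 10 packets
      To 203.0.113.79 - 10 packets
         Service: smtp (tcp/25) (** IN_TCP DROP **,eth0,none) - 10 packets
   From 192.0.2.51 - 1 packet
      To 203.0.113.79 - 1 packet
         Service: 1458 (tcp/1458) (** IN_TCP DROP **,eth0,none) - 1 packet
   From 198.51.100.7 - 3 packets
      To 203.0.113.79 - 3 packets
         Service: smtp (tcp/25) (** IN_TCP DROP **,eth0,none) - 3 packets
 ---------------------- Kernel End -------------------------
"""

# "From <src> - N packet(s)" opens a group; "Service: ..." lines belong to it.
FROM_RE = re.compile(r"^\s*From (\S+) - (\d+) packets?$")
SVC_RE = re.compile(
    r"^\s*Service: \S+ \((\w+)/(\d+)\) "
    r"\(\*\* ([\w ]+) \*\*,(\w+),([^)]*)\) - (\d+) packets?$"
)

def parse_drops(text):
    """Return (src, proto, port, action, iface, count) tuples from the summary."""
    rows, src = [], None
    for line in text.splitlines():
        m = FROM_RE.match(line)
        if m:
            src = m.group(1)          # remember the source for following Service lines
            continue
        m = SVC_RE.match(line)
        if m and src is not None:
            proto, port, action, iface, _prefix, count = m.groups()
            rows.append((src, proto, int(port), action, iface, int(count)))
    return rows

def summarize(rows):
    """Aggregate dropped packets per proto/port and the distinct sources hitting each."""
    per_port = defaultdict(lambda: {"packets": 0, "sources": set()})
    for src, proto, port, _action, _iface, count in rows:
        key = f"{proto}/{port}"
        per_port[key]["packets"] += count
        per_port[key]["sources"].add(src)
    return per_port

def likely_relay_probe(per_port, min_sources=2):
    """True when tcp/25 was hit by at least min_sources distinct sources (assumed threshold)."""
    smtp = per_port.get("tcp/25")
    return smtp is not None and len(smtp["sources"]) >= min_sources
```

Run it over your own logwatch output instead of SAMPLE; a high source count on tcp/25 with everything dropped confirms the firewall is doing its job, while hits on ports you do serve deserve a closer look in the raw kernel log.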
