I've seen this pattern showing up in my logs for the past few days, what
the hell is this guy trying to do?
Jun 5 16:52:11 discworld kernel: Packet log: input DENY eth0 PROTO=17
24.237.48.54:2301 255.255.255.255:2301 L=40 S=0x00 I=56747 F=0x0000 T=128
(#5)
Jun 5 16:53:11 discworld kernel: Packet log: input DENY eth0 PROTO=17
24.237.48.54:2301 255.255.255.255:2301 L=40 S=0x00 I=5292 F=0x0000 T=128
(#5)
Jun 5 16:54:11 discworld kernel: Packet log: input DENY eth0 PROTO=17
24.237.48.54:2301 255.255.255.255:2301 L=40 S=0x00 I=18348 F=0x0000 T=128
(#5)
Jun 5 16:55:11 discworld kernel: Packet log: input DENY eth0 PROTO=17
24.237.48.54:2301 255.255.255.255:2301 L=40 S=0x00 I=32172 F=0x0000 T=128
(#5)
Jun 5 16:56:11 discworld kernel: Packet log: input DENY eth0 PROTO=17
24.237.48.54:2301 255.255.255.255:2301 L=40 S=0x00 I=45228 F=0x0000 T=128
(#5)
Jun 5 16:57:11 discworld kernel: Packet log: input DENY eth0 PROTO=17
24.237.48.54:2301 255.255.255.255:2301 L=40 S=0x00 I=59052 F=0x0000 T=128
(#5)
Jun 5 16:58:11 discworld kernel: Packet log: input DENY eth0 PROTO=17
24.237.48.54:2301 255.255.255.255:2301 L=40 S=0x00 I=6573 F=0x0000 T=128
(#5)
Jun 5 16:59:11 discworld kernel: Packet log: input DENY eth0 PROTO=17
24.237.48.54:2301 255.255.255.255:2301 L=40 S=0x00 I=20397 F=0x0000 T=128
(#5)
This is a snippet from the logs of my NAT/firewall at home, I am sitting
on a cable modem network and this IP belongs does belong to another cable
modem user, and I have emailed abuse@ with a snippet from my logs, I'm
just really curious if anyone knows what's going on? Is this a
misconfigured box or a deliberate probe of some kind?
Thanks.
"The only difference between me and a madman is that I am not mad."
- Salvador Dali
Josh Burroughs
Received on Jun 08 2000
Intro
