Security Incidents: firewall abusing

Subject: firewall abusing

From: Przemyslaw Frasunek <venglin_at_FREEBSD.LUBLIN.PL>
Date: Tue, 7 Mar 2000 19:08:01 +0100

We've noticed some suspicious packets from nat242.ia4u.net. The attacker tried
to bypass the firewall and send something to port 137 on our router (212.182.118.90)
and the whole network (212.182.115.0/28):

Mar 7 18:41:25 lubi /kernel: ipfw: 300 Deny UDP 192.168.0.70:33445 212.182.118.90:33456 in via tun0
Mar 7 18:41:30 lubi /kernel: ipfw: 300 Deny UDP 192.168.0.70:33445 212.182.118.90:33457 in via tun0
Mar 7 18:41:35 lubi /kernel: ipfw: 300 Deny UDP 192.168.0.70:33445 212.182.118.90:33458 in via tun0
Mar 7 18:44:40 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.1:137 in via tun0
Mar 7 18:44:41 lubi /kernel: ipfw: 300 Deny UDP 192.168.0.1:137 212.182.115.1:137 in via tun0
Mar 7 18:44:43 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.1:137 in via tun0
Mar 7 18:44:55 lubi /kernel: ipfw: 300 Deny UDP 192.168.0.1:137 212.182.115.2:137 in via tun0
Mar 7 18:44:55 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.2:137 in via tun0
Mar 7 18:44:56 lubi /kernel: ipfw: 300 Deny UDP 192.168.0.1:137 212.182.115.2:137 in via tun0
Mar 7 18:44:56 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.2:137 in via tun0
Mar 7 18:45:07 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.3:137 in via tun0
Mar 7 18:45:08 lubi /kernel: ipfw: 300 Deny UDP 192.168.0.1:137 212.182.115.3:137 in via tun0
Mar 7 18:45:09 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.3:137 in via tun0
Mar 7 18:45:10 lubi /kernel: ipfw: 300 Deny UDP 192.168.0.1:137 212.182.115.3:137 in via tun0
Mar 7 18:45:16 lubi /kernel: ipfw: 300 Deny UDP 192.168.0.1:137 212.182.115.4:137 in via tun0
Mar 7 18:45:16 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.4:137 in via tun0
Mar 7 18:45:18 lubi /kernel: ipfw: 300 Deny UDP 192.168.0.1:137 212.182.115.4:137 in via tun0
Mar 7 18:45:28 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.5:137 in via tun0
Mar 7 18:45:29 lubi /kernel: ipfw: 300 Deny UDP 192.168.0.1:137 212.182.115.5:137 in via tun0
Mar 7 18:45:29 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.5:137 in via tun0
Mar 7 18:45:35 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.6:137 in via tun0
Mar 7 18:45:37 lubi /kernel: ipfw: 300 Deny UDP 192.168.0.1:137 212.182.115.6:137 in via tun0
Mar 7 18:45:37 lubi /kernel: ipfw: 10500 Deny UDP 0.0.0.0:68 255.255.255.255:67 in via ed0
Mar 7 18:45:39 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.6:137 in via tun0
Mar 7 18:45:39 lubi /kernel: ipfw: 300 Deny UDP 192.168.0.1:137 212.182.115.6:137 in via tun0
Mar 7 18:45:43 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.7:137 in via tun0
Mar 7 18:45:44 lubi /kernel: ipfw: 300 Deny UDP 192.168.0.1:137 212.182.115.7:137 in via tun0
Mar 7 18:45:44 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.7:137 in via tun0
Mar 7 18:45:46 lubi /kernel: ipfw: 300 Deny UDP 192.168.0.1:137 212.182.115.7:137 in via tun0
Mar 7 18:45:46 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.7:137 in via tun0
Mar 7 18:45:57 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.8:137 in via tun0
Mar 7 18:45:58 lubi /kernel: ipfw: 300 Deny UDP 192.168.0.1:137 212.182.115.8:137 in via tun0
Mar 7 18:45:58 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.8:137 in via tun0
Mar 7 18:46:00 lubi /kernel: ipfw: 300 Deny UDP 192.168.0.1:137 212.182.115.8:137 in via tun0
Mar 7 18:46:07 lubi /kernel: ipfw: 300 Deny UDP 192.168.0.1:137 212.182.115.9:137 in via tun0
Mar 7 18:46:07 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.9:137 in via tun0
Mar 7 18:46:11 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.10:137 in via tun0
Mar 7 18:46:13 lubi /kernel: ipfw: 300 Deny UDP 192.168.0.1:137 212.182.115.10:137 in via tun0
Mar 7 18:46:20 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.11:137 in via tun0
Mar 7 18:46:21 lubi /kernel: ipfw: 300 Deny UDP 192.168.0.1:137 212.182.115.11:137 in via tun0
Mar 7 18:46:21 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.11:137 in via tun0
Mar 7 18:46:22 lubi /kernel: ipfw: 300 Deny UDP 192.168.0.1:137 212.182.115.11:137 in via tun0
Mar 7 18:46:22 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.11:137 in via tun0
Mar 7 18:46:28 lubi /kernel: ipfw: 300 Deny UDP 192.168.0.1:137 212.182.115.12:137 in via tun0
Mar 7 18:46:28 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.12:137 in via tun0
Mar 7 18:46:30 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.12:137 in via tun0
Mar 7 18:46:30 lubi /kernel: ipfw: 300 Deny UDP 192.168.0.1:137 212.182.115.12:137 in via tun0
Mar 7 18:46:36 lubi /kernel: ipfw: 300 Deny UDP 192.168.0.1:137 212.182.115.13:137 in via tun0
Mar 7 18:46:36 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.13:137 in via tun0
Mar 7 18:46:37 lubi /kernel: ipfw: 300 Deny UDP 192.168.0.1:137 212.182.115.13:137 in via tun0
Mar 7 18:46:37 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.13:137 in via tun0
Mar 7 18:46:45 lubi /kernel: ipfw: 300 Deny UDP 192.168.0.1:137 212.182.115.14:137 in via tun0
Mar 7 18:46:45 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.14:137 in via tun0
Mar 7 18:46:49 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.15:137 in via tun0
Mar 7 18:46:51 lubi /kernel: ipfw: 300 Deny UDP 192.168.0.1:137 212.182.115.15:137 in via tun0
Mar 7 18:46:51 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.15:137 in via tun0

--
* Fido: 2:480/124 ** WWW: http://www.freebsd.lublin.pl ** NIC-HDL: PMF9-RIPE *
* Inet: venglin_at_freebsd.lublin.pl ** PGP: D48684904685DF43  EA93AFA13BE170BF *
Received on Mar 07 2000
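The ipfw log above shows two things a defender would want to pick out automatically: packets whose source is an RFC 1918 address (192.168.0.x) yet arrive inbound on the external interface tun0, which cannot be legitimate Internet traffic, and a single external source walking port 137 across consecutive hosts of a block. The following is an added example written for this archive page, not code from the original post; it parses FreeBSD ipfw kernel log lines in the format shown above and reports both conditions. The sample lines are copied from the post; the interface name tun0 as "external" and the thresholds are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# A subset of the ipfw log lines quoted in the post (format: FreeBSD ipfw kernel log).
# The ed0 line is a local DHCP broadcast on the internal interface and must NOT be flagged.
SAMPLE_LOG = """\
Mar 7 18:41:25 lubi /kernel: ipfw: 300 Deny UDP 192.168.0.70:33445 212.182.118.90:33456 in via tun0
Mar 7 18:41:30 lubi /kernel: ipfw: 300 Deny UDP 192.168.0.70:33445 212.182.118.90:33457 in via tun0
Mar 7 18:44:40 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.1:137 in via tun0
Mar 7 18:44:41 lubi /kernel: ipfw: 300 Deny UDP 192.168.0.1:137 212.182.115.1:137 in via tun0
Mar 7 18:44:55 lubi /kernel: ipfw: 300 Deny UDP 192.168.0.1:137 212.182.115.2:137 in via tun0
Mar 7 18:44:55 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.2:137 in via tun0
Mar 7 18:45:07 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.3:137 in via tun0
Mar 7 18:45:08 lubi /kernel: ipfw: 300 Deny UDP 192.168.0.1:137 212.182.115.3:137 in via tun0
Mar 7 18:45:37 lubi /kernel: ipfw: 10500 Deny UDP 0.0.0.0:68 255.255.255.255:67 in via ed0
Mar 7 18:46:11 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.10:137 in via tun0
"""

# Matches lines such as:
#   Mar 7 18:44:40 lubi /kernel: ipfw: 10500 Deny UDP 206.157.110.242:137 212.182.115.1:137 in via tun0
IPFW_RE = re.compile(
    r"^(?P<month>[A-Za-z]{3})\s+(?P<day>\d{1,2})\s+(?P<time>\d\d:\d\d:\d\d)\s+"
    r"(?P<host>\S+)\s+/kernel:\s+ipfw:\s+(?P<rule>\d+)\s+(?P<action>\w+)\s+"
    r"(?P<proto>\w+)\s+(?P<src>[\d.]+):(?P<sport>\d+)\s+(?P<dst>[\d.]+):(?P<dport>\d+)\s+"
    r"(?P<direction>in|out)\s+via\s+(?P<iface>\S+)\s*$"
)


def parse_ipfw_line(line):
    """Parse one ipfw log line into a dict, or return None if it is not in this format."""
    m = IPFW_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    for key in ("rule", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec


def parse_all(text):
    """Parse every line of a log text, silently skipping lines that do not match."""
    records = []
    for line in text.splitlines():
        rec = parse_ipfw_line(line)
        if rec is not None:
            records.append(rec)
    return records


def find_spoofed_private_sources(records, external_ifaces):
    """Return inbound records on an external interface whose source address is
    private (RFC 1918) or unspecified. Such packets cannot have originated on the
    Internet and indicate spoofing or a leaking NAT upstream. Broadcasts on
    internal interfaces (e.g. DHCP on ed0) are legitimately private and skipped."""
    hits = []
    for rec in records:
        if rec["direction"] != "in" or rec["iface"] not in external_ifaces:
            continue
        src = ipaddress.ip_address(rec["src"])
        if src.is_private or src.is_unspecified:
            hits.append(rec)
    return hits


def find_port_sweeps(records, dport, min_hosts):
    """Group inbound denies by source address for one destination port and report
    sources that touched at least min_hosts distinct destinations. Returns
    {source: [destinations in numeric order]}."""
    targets = defaultdict(set)
    for rec in records:
        if rec["direction"] == "in" and rec["dport"] == dport:
            targets[rec["src"]].add(rec["dst"])
    return {
        src: sorted(dsts, key=ipaddress.ip_address)
        for src, dsts in targets.items()
        if len(dsts) >= min_hosts
    }


if __name__ == "__main__":
    recs = parse_all(SAMPLE_LOG)
    # Assumption: tun0 is the only interface facing the Internet on this router.
    for rec in find_spoofed_private_sources(recs, {"tun0"}):
        print(f"spoofed/leaked private source {rec['src']} -> {rec['dst']}:{rec['dport']} on {rec['iface']}")
    for src, dsts in find_port_sweeps(recs, 137, 3).items():
        print(f"port 137 sweep from {src}: {len(dsts)} hosts ({dsts[0]} .. {dsts[-1]})")
```

Run against the full log from the post, the sweep detector reports 206.157.110.242 (and the 192.168.0.1 shadow of it) hitting 212.182.115.1 through .15; the anti-spoofing check is the reason a rule like ipfw's 300 denying 192.168.0.0/16 on the outside interface is worth keeping even when NAT is in use.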