Tracing where it started

Pete Ashdown pashdown at xmission.com
Sat Jan 25 21:14:49 UTC 2003


>It might be interesting if some people were to post when they received
>their first attack packet, and where it came from, if they happened to
>be logging. 
>
>Here is the first packet we logged:
>Jan 25 00:29:37 EST 216.66.11.120

A quick follow-up to my previous message.  I found an earlier attempt in the
*:29 window on my home firewall.  I don't know if this is due to Cisco
logging lag or what.  In any case, it's interesting how relatively close it
is to Phil's IP, but they are different networks.  Again the time is in
MDT:

Jan 24 22:29:25 chariot kernel: fp=UDP-FORWARD:1 a=DROP IN=eth0 OUT=eth3
SRC=216.64.162.15 DST=166.70.201.243 LEN=404 TOS=0x00 PREC=0x00 TTL=111 ID=4917
PROTO=UDP SPT=2958 DPT=1434 LEN=384 
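
Added example, not part of the original post: Python that parses the netfilter entry above, picks the earliest UDP packet to port 1434, and converts its timestamp to UTC so first sightings reported from different time zones can be compared. The year (2003, taken from the post date) and the UTC-7 offset for the firewall's clock are assumptions passed in as parameters; the second log entry is constructed.

```python
import re
from datetime import datetime, timedelta, timezone

# The post's log entry joined onto one line, plus one constructed entry
# (192.0.2.7 is a documentation address) that must not match.
SAMPLE_LOG = (
    "Jan 24 22:29:25 chariot kernel: fp=UDP-FORWARD:1 a=DROP IN=eth0 OUT=eth3 "
    "SRC=216.64.162.15 DST=166.70.201.243 LEN=404 TOS=0x00 PREC=0x00 TTL=111 "
    "ID=4917 PROTO=UDP SPT=2958 DPT=1434 LEN=384\n"
    "Jan 24 22:30:02 chariot kernel: fp=UDP-FORWARD:1 a=DROP IN=eth0 OUT=eth3 "
    "SRC=192.0.2.7 DST=166.70.201.243 LEN=76 TOS=0x00 PREC=0x00 TTL=52 "
    "ID=100 PROTO=UDP SPT=123 DPT=123 LEN=56\n"
)

STAMP = re.compile(r"^([A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) ")

def to_utc(stamp, year, utc_offset_hours):
    """Syslog stamps carry no year or zone; both are supplied by the caller."""
    local = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    tz = timezone(timedelta(hours=utc_offset_hours))
    return local.replace(tzinfo=tz).astimezone(timezone.utc)

def parse_line(line, year, utc_offset_hours):
    """Return a dict for one netfilter log line, or None if it has no stamp."""
    m = STAMP.match(line)
    if not m:
        return None
    # LEN occurs twice (IP, then UDP); the dict keeps the last, unused here.
    fields = dict(re.findall(r"(\w+)=(\S+)", line))
    fields["utc"] = to_utc(m.group(1), year, utc_offset_hours)
    return fields

def first_hit(log_text, proto, dport, year, utc_offset_hours):
    """Earliest logged packet for the given protocol and destination port."""
    hits = [e for e in (parse_line(l, year, utc_offset_hours)
                        for l in log_text.splitlines())
            if e and e.get("PROTO") == proto and e.get("DPT") == str(dport)]
    return min(hits, key=lambda e: e["utc"], default=None)

if __name__ == "__main__":
    mine = first_hit(SAMPLE_LOG, "UDP", 1434, 2003, -7)   # assumed UTC-7
    quoted = to_utc("Jan 25 00:29:37", 2003, -5)          # quoted EST report
    print(mine["SRC"], mine["utc"].isoformat(),
          "lead over quoted report:", (quoted - mine["utc"]).total_seconds(), "s")
```
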


