[lug] route add -host attacks
Warren Sanders
sanders at MontanaLinux.Org
Wed Nov 14 14:55:37 MST 2001
Anyone know anything about a known virus or other wrappers adding hosts to your
route table? Earlier this week I asked about my corrupt route table but no
reply. I now have found (after hacking away at my machine daily) several
entries in my messages log:
Nov 14 13:50:06 Sandman portsentry[11928]: attackalert: SYN/Normal scan from
host: ms1.primatex.com.tw/211.23.141.22 to TCP port: 111
Nov 14 13:50:06 Sandman portsentry[11928]: attackalert: Host 211.23.141.22 has
been blocked via wrappers with string: "ALL: 211.23.141.22"
Nov 14 13:50:06 Sandman portsentry[11928]: attackalert: Host 211.23.141.22 has
been blocked via dropped route using command: "/sbin/route add -host 211.23.1
41.22 gw 127.0.0.1"
I have been getting these since mid October and seems to take a couple weeks to
kill your route table.
BTW: I'm on the @home network.
--
Warren Sanders
http://MontanaLinux.Org
More information about the LUG
mailing list