hacked.e-microsoft.net attacks!!!
Mike Klinke
mklinke at axsi.com
Sat Sep 10 15:11:58 UTC 2005
On Saturday 10 September 2005 03:40, Opesh Alkara wrote:
> I am getting some strange attacks on my gateway-firewall...here
> is the scrap of the tcpdump command that displays the traffic
> transaction on my gateway/firewall:
>
> [root at Firewall root]# tcpdump -i eth0 | grep microsoft
> tcpdump: listening on eth0
> 14:45:46.636128 188.26.25.111.1796 > hacked.e-microsoft.net.http:
> S 1395392512:1395392512(0) win 16384
> 14:45:47.136837 188.26.25.112.1217 > hacked.e-microsoft.net.http:
> S 40173568:40173568(0) win 16384
> 14:45:47.637597 188.26.25.113.1271 > hacked.e-microsoft.net.http:
> S 2122645504:2122645504(0) win 16384

The incrementing 188.26.25.... addresses seem to be unallocated.
Possibly a spoofed source IP address trying to locate/infect a
vulnerable http port.

Is your own DNS resolving your machine/network as
"hacked.e-microsoft.net"? I get NXDOMAIN here.

$ host e-microsoft.net
Host e-microsoft.net not found: 3(NXDOMAIN)

Regards, Mike Klinke
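
A defender-side check for the pattern noted in the reply above, as an added example that is not part of the original post: it parses old-style tcpdump text output and reports bare SYNs to one target whose source addresses increase by one. The function names and the `min_run` threshold are assumptions; the first three sample lines are the ones quoted in the thread with the wrapped lines joined, and the last two are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Old-style tcpdump text: "HH:MM:SS.usec SRC.sport > DST.dport: FLAGS ..."
LINE_RE = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d+) (\d+\.\d+\.\d+\.\d+)\.\d+"
                     r" > (\S+\.\w+): (\S+) ")

# First three lines are from the thread (wrapped lines joined);
# the last two are constructed background traffic.
SAMPLE = """\
14:45:46.636128 188.26.25.111.1796 > hacked.e-microsoft.net.http: S 1395392512:1395392512(0) win 16384
14:45:47.136837 188.26.25.112.1217 > hacked.e-microsoft.net.http: S 40173568:40173568(0) win 16384
14:45:47.637597 188.26.25.113.1271 > hacked.e-microsoft.net.http: S 2122645504:2122645504(0) win 16384
14:45:48.001000 192.0.2.10.40000 > www.example.org.http: S 1000:1000(0) win 5840
14:45:48.050000 192.0.2.10.40000 > www.example.org.http: . ack 1 win 5840
""".splitlines()

def parse_syns(lines):
    """Return (seconds, source address, 'host.port') for each bare SYN."""
    syns = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m and m.group(6) == "S":  # "S" alone: SYN without ACK
            h, mi, s, src, target, _flags = m.groups()
            secs = int(h) * 3600 + int(mi) * 60 + float(s)
            syns.append((secs, ipaddress.IPv4Address(src), target))
    return syns

def sequential_source_runs(lines, min_run=3):
    """Report runs of SYNs to one target whose sources increase by one."""
    by_target = defaultdict(list)
    for secs, src, target in parse_syns(lines):
        by_target[target].append((secs, src))
    runs = []
    for target, events in by_target.items():
        events.sort()
        run = [events[0]]
        for ev in events[1:] + [None]:  # None flushes the final run
            if ev is not None and int(ev[1]) == int(run[-1][1]) + 1:
                run.append(ev)
                continue
            if len(run) >= min_run:
                gaps = [b[0] - a[0] for a, b in zip(run, run[1:])]
                runs.append({"target": target, "count": len(run),
                             "first": str(run[0][1]), "last": str(run[-1][1]),
                             "mean_gap": sum(gaps) / len(gaps)})
            if ev is not None:
                run = [ev]
    return runs

if __name__ == "__main__":
    for r in sequential_source_runs(SAMPLE):
        print(r)
```

Running tcpdump with `-n` keeps source addresses numeric, which this parser expects; the destination is matched as whatever name or address tcpdump printed.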