Just some information

Posted on 2004-09-02
Last Modified: 2010-04-22
I wonder how to interpret the messages below correctly. The complete list is much longer, but I guess this part will do.

Can someone explain in simple words what is happening and, most important, can I or must I do something about this? Are they getting something, or is it just a message I get about the attempt?

The MAC=xxxxx is always the same. Is this the MAC of my server or of the guy that wants to get in?

Thanks
Filips

Sep  1 04:18:30 bac-75 kernel: IN=eth0 OUT= MAC=00:11:3a:2e:9e:2a:00:81:70:80:b0:3f:18:00 SRC=220.79.245.153 DST=182.104.226.61 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=34076 DF PROTO=TCP SPT=2130 DPT=4899 WINDOW=65535 RES=0x00 SYN URGP=0
Sep  1 04:18:30 bac-75 kernel: IN=eth0 OUT= MAC=00:11:3a:2e:9e:2a:00:81:70:80:b0:3f:18:00 SRC=220.79.245.153 DST=182.104.226.62 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=34077 DF PROTO=TCP SPT=2131 DPT=4899 WINDOW=65535 RES=0x00 SYN URGP=0
Sep  1 04:18:30 bac-75 kernel: IN=eth0 OUT= MAC=00:11:3a:2e:9e:2a:00:81:70:80:b0:3f:18:00 SRC=220.79.245.153 DST=182.104.226.63 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=34078 DF PROTO=TCP SPT=2132 DPT=4899 WINDOW=65535 RES=0x00 SYN URGP=0
Sep  1 04:18:30 bac-75 kernel: IN=eth0 OUT= MAC=00:11:3a:2e:9e:2a:00:81:70:80:b0:3f:18:00 SRC=220.79.245.153 DST=182.104.226.64 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=34079 DF PROTO=TCP SPT=2133 DPT=4899 WINDOW=65535 RES=0x00 SYN URGP=0
Sep  1 04:18:30 bac-75 kernel: IN=eth0 OUT= MAC=00:11:3a:2e:9e:2a:00:81:70:80:b0:3f:18:00 SRC=220.79.245.153 DST=182.104.226.65 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=34080 DF PROTO=TCP SPT=2134 DPT=4899 WINDOW=65535 RES=0x00 SYN URGP=0
Sep  1 04:23:57 bac-75 kernel: IN=eth0 OUT= MAC=00:11:3a:2e:9e:2a:00:81:70:80:b0:3f:18:00 SRC=212.204.185.189 DST=182.104.226.65 LEN=48 TOS=0x00 PREC=0x20 TTL=121 ID=57186 DF PROTO=TCP SPT=2416 DPT=2745 WINDOW=64240 RES=0x00 SYN URGP=0
Sep  1 04:23:57 bac-75 kernel: IN=eth0 OUT= MAC=00:11:3a:2e:9e:2a:00:81:70:80:b0:3f:18:00 SRC=212.204.185.189 DST=182.104.226.65 LEN=48 TOS=0x00 PREC=0x20 TTL=121 ID=57188 DF PROTO=TCP SPT=2418 DPT=1025 WINDOW=64240 RES=0x00 SYN URGP=0
Sep  1 04:23:57 bac-75 kernel: IN=eth0 OUT= MAC=00:11:3a:2e:9e:2a:00:81:70:80:b0:3f:18:00 SRC=212.204.185.189 DST=182.104.226.65 LEN=48 TOS=0x00 PREC=0x20 TTL=121 ID=57191 DF PROTO=TCP SPT=2421 DPT=6129 WINDOW=64240 RES=0x00 SYN URGP=0
Sep  1 04:24:00 bac-75 kernel: IN=eth0 OUT= MAC=00:11:3a:2e:9e:2a:00:81:70:80:b0:3f:18:00 SRC=212.204.185.189 DST=182.104.226.65 LEN=48 TOS=0x00 PREC=0x20 TTL=121 ID=57498 DF PROTO=TCP SPT=2416 DPT=2745 WINDOW=64240 RES=0x00 SYN URGP=0
Sep  1 04:24:00 bac-75 kernel: IN=eth0 OUT= MAC=00:11:3a:2e:9e:2a:00:81:70:80:b0:3f:18:00 SRC=212.204.185.189 DST=182.104.226.65 LEN=48 TOS=0x00 PREC=0x20 TTL=121 ID=57501 DF PROTO=TCP SPT=2418 DPT=1025 WINDOW=64240 RES=0x00 SYN URGP=0
Sep  1 04:24:00 bac-75 kernel: IN=eth0 OUT= MAC=00:11:3a:2e:9e:2a:00:81:70:80:b0:3f:18:00 SRC=212.204.185.189 DST=182.104.226.65 LEN=48 TOS=0x00 PREC=0x20 TTL=121 ID=57502 DF PROTO=TCP SPT=2421 DPT=6129 WINDOW=64240 RES=0x00 SYN URGP=0
Sep  1 04:24:07 bac-75 kernel: IN=eth0 OUT= MAC=00:11:3a:2e:9e:2a:00:81:70:80:b0:3f:18:00 SRC=212.204.185.189 DST=182.104.226.65 LEN=48 TOS=0x00 PREC=0x20 TTL=121 ID=58119 DF PROTO=TCP SPT=2416 DPT=2745 WINDOW=64240 RES=0x00 SYN URGP=0
Sep  1 04:24:07 bac-75 kernel: IN=eth0 OUT= MAC=00:11:3a:2e:9e:2a:00:81:70:80:b0:3f:18:00 SRC=212.204.185.189 DST=182.104.226.65 LEN=48 TOS=0x00 PREC=0x20 TTL=121 ID=58122 DF PROTO=TCP SPT=2418 DPT=1025 WINDOW=64240 RES=0x00 SYN URGP=0
Sep  1 04:24:07 bac-75 kernel: IN=eth0 OUT= MAC=00:11:3a:2e:9e:2a:00:81:70:80:b0:3f:18:00 SRC=212.204.185.189 DST=182.104.226.65 LEN=48 TOS=0x00 PREC=0x20 TTL=121 ID=58123 DF PROTO=TCP SPT=2421 DPT=6129 WINDOW=64240 RES=0x00 SYN URGP=0
Sep  1 04:42:32 bac-75 kernel: IN=eth0 OUT= MAC=00:11:3a:2e:9e:2a:00:81:70:80:b0:3f:18:00 SRC=210.116.107.30 DST=182.104.226.61 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=60425 DF PROTO=TCP SPT=2127 DPT=4899 WINDOW=65535 RES=0x00 SYN URGP=0
Sep  1 04:42:32 bac-75 kernel: IN=eth0 OUT= MAC=00:11:3a:2e:9e:2a:00:81:70:80:b0:3f:18:00 SRC=210.116.107.30 DST=182.104.226.62 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=60426 DF PROTO=TCP SPT=2128 DPT=4899 WINDOW=65535 RES=0x00 SYN URGP=0
Sep  1 04:42:32 bac-75 kernel: IN=eth0 OUT= MAC=00:11:3a:2e:9e:2a:00:81:70:80:b0:3f:18:00 SRC=210.116.107.30 DST=182.104.226.63 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=60427 DF PROTO=TCP SPT=2129 DPT=4899 WINDOW=65535 RES=0x00 SYN URGP=0
Question by: Filips
2 Comments
 
LVL 40

Accepted Solution

by: jlevie (earned 125 total points)
ID: 11967795
Since you don't say I'm going to assume that eth0 is your outside interface and that you have more than one outside IP in the range 182.104.226.61-65.

The data presented look to be probes from various outside IPs for a vulnerable Radmin (Windows) service. The Radmin service listens on 4899/TCP, and all of the destination ports are that port (DPT=4899).

Since this is a Linux iptables firewall there's no risk as long as you don't forward 4899/TCP to an internal Windows box. I don't know what your iptables rules are and consequently don't know what is being logged, but I'd presume those log messages are the result of the connection being denied and logged.
0
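As an added illustration (not part of this thread and not code from either participant), here is a small Python script that parses iptables LOG lines in exactly the format quoted in the question and groups them by source address, so you can see at a glance whether a sender is sweeping one port across your address range, trying several ports on one host, or simply retrying. It also splits the MAC= field, which in iptables logs is the raw 14-byte Ethernet header: the first six octets are the destination MAC (the firewall's own eth0), the next six are the source MAC (the upstream router that delivered the frame, not the remote attacker's card), and the last two are the EtherType. The sample lines are copied from the question; the function names and the classification labels are this example's own.

```python
import re

# Sample input: lines copied from the question's iptables log excerpt.
SAMPLE_LOG = """\
Sep  1 04:18:30 bac-75 kernel: IN=eth0 OUT= MAC=00:11:3a:2e:9e:2a:00:81:70:80:b0:3f:18:00 SRC=220.79.245.153 DST=182.104.226.61 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=34076 DF PROTO=TCP SPT=2130 DPT=4899 WINDOW=65535 RES=0x00 SYN URGP=0
Sep  1 04:18:30 bac-75 kernel: IN=eth0 OUT= MAC=00:11:3a:2e:9e:2a:00:81:70:80:b0:3f:18:00 SRC=220.79.245.153 DST=182.104.226.62 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=34077 DF PROTO=TCP SPT=2131 DPT=4899 WINDOW=65535 RES=0x00 SYN URGP=0
Sep  1 04:18:30 bac-75 kernel: IN=eth0 OUT= MAC=00:11:3a:2e:9e:2a:00:81:70:80:b0:3f:18:00 SRC=220.79.245.153 DST=182.104.226.63 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=34078 DF PROTO=TCP SPT=2132 DPT=4899 WINDOW=65535 RES=0x00 SYN URGP=0
Sep  1 04:18:30 bac-75 kernel: IN=eth0 OUT= MAC=00:11:3a:2e:9e:2a:00:81:70:80:b0:3f:18:00 SRC=220.79.245.153 DST=182.104.226.64 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=34079 DF PROTO=TCP SPT=2133 DPT=4899 WINDOW=65535 RES=0x00 SYN URGP=0
Sep  1 04:18:30 bac-75 kernel: IN=eth0 OUT= MAC=00:11:3a:2e:9e:2a:00:81:70:80:b0:3f:18:00 SRC=220.79.245.153 DST=182.104.226.65 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=34080 DF PROTO=TCP SPT=2134 DPT=4899 WINDOW=65535 RES=0x00 SYN URGP=0
Sep  1 04:23:57 bac-75 kernel: IN=eth0 OUT= MAC=00:11:3a:2e:9e:2a:00:81:70:80:b0:3f:18:00 SRC=212.204.185.189 DST=182.104.226.65 LEN=48 TOS=0x00 PREC=0x20 TTL=121 ID=57186 DF PROTO=TCP SPT=2416 DPT=2745 WINDOW=64240 RES=0x00 SYN URGP=0
Sep  1 04:23:57 bac-75 kernel: IN=eth0 OUT= MAC=00:11:3a:2e:9e:2a:00:81:70:80:b0:3f:18:00 SRC=212.204.185.189 DST=182.104.226.65 LEN=48 TOS=0x00 PREC=0x20 TTL=121 ID=57188 DF PROTO=TCP SPT=2418 DPT=1025 WINDOW=64240 RES=0x00 SYN URGP=0
Sep  1 04:23:57 bac-75 kernel: IN=eth0 OUT= MAC=00:11:3a:2e:9e:2a:00:81:70:80:b0:3f:18:00 SRC=212.204.185.189 DST=182.104.226.65 LEN=48 TOS=0x00 PREC=0x20 TTL=121 ID=57191 DF PROTO=TCP SPT=2421 DPT=6129 WINDOW=64240 RES=0x00 SYN URGP=0
Sep  1 04:24:00 bac-75 kernel: IN=eth0 OUT= MAC=00:11:3a:2e:9e:2a:00:81:70:80:b0:3f:18:00 SRC=212.204.185.189 DST=182.104.226.65 LEN=48 TOS=0x00 PREC=0x20 TTL=121 ID=57498 DF PROTO=TCP SPT=2416 DPT=2745 WINDOW=64240 RES=0x00 SYN URGP=0
Sep  1 04:24:00 bac-75 kernel: IN=eth0 OUT= MAC=00:11:3a:2e:9e:2a:00:81:70:80:b0:3f:18:00 SRC=212.204.185.189 DST=182.104.226.65 LEN=48 TOS=0x00 PREC=0x20 TTL=121 ID=57501 DF PROTO=TCP SPT=2418 DPT=1025 WINDOW=64240 RES=0x00 SYN URGP=0
Sep  1 04:24:00 bac-75 kernel: IN=eth0 OUT= MAC=00:11:3a:2e:9e:2a:00:81:70:80:b0:3f:18:00 SRC=212.204.185.189 DST=182.104.226.65 LEN=48 TOS=0x00 PREC=0x20 TTL=121 ID=57502 DF PROTO=TCP SPT=2421 DPT=6129 WINDOW=64240 RES=0x00 SYN URGP=0
Sep  1 04:42:32 bac-75 kernel: IN=eth0 OUT= MAC=00:11:3a:2e:9e:2a:00:81:70:80:b0:3f:18:00 SRC=210.116.107.30 DST=182.104.226.61 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=60425 DF PROTO=TCP SPT=2127 DPT=4899 WINDOW=65535 RES=0x00 SYN URGP=0
Sep  1 04:42:32 bac-75 kernel: IN=eth0 OUT= MAC=00:11:3a:2e:9e:2a:00:81:70:80:b0:3f:18:00 SRC=210.116.107.30 DST=182.104.226.62 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=60426 DF PROTO=TCP SPT=2128 DPT=4899 WINDOW=65535 RES=0x00 SYN URGP=0
"""

# syslog prefix: "Mon DD HH:MM:SS host kernel: <iptables fields>"
LINE_RE = re.compile(r'^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) kernel: (?P<rest>.*)$')


def parse_line(line):
    """Turn one iptables LOG line into a dict of KEY=value fields.
    Bare tokens such as DF and SYN (flags without '=') are collected in 'flags'."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = {'ts': m.group('ts'), 'host': m.group('host'), 'flags': []}
    for tok in m.group('rest').split():
        if '=' in tok:
            key, value = tok.split('=', 1)
            rec[key] = value          # 'OUT=' yields an empty string: no outgoing interface chosen
        else:
            rec['flags'].append(tok)
    return rec


def split_mac(mac_field):
    """The MAC= field is the 14-byte Ethernet header: dst MAC, src MAC, EtherType.
    For an IPv4 frame the EtherType is normally 0x0800."""
    octets = mac_field.split(':')
    if len(octets) != 14:
        raise ValueError('expected 14 octets in MAC= field, got %d' % len(octets))
    return {
        'dst_mac': ':'.join(octets[0:6]),     # the firewall's own interface (eth0)
        'src_mac': ':'.join(octets[6:12]),    # the previous hop (upstream router), not the remote host
        'ethertype': '0x' + ''.join(octets[12:14]),
    }


def summarize(lines):
    """Group TCP log lines by SRC and record which hosts and ports each source touched."""
    by_src = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec.get('PROTO') != 'TCP':
            continue
        entry = by_src.setdefault(rec['SRC'], {
            'packets': 0, 'dst_hosts': set(), 'dst_ports': set(), 'targets': set(), 'forwarded': False})
        entry['packets'] += 1
        entry['dst_hosts'].add(rec['DST'])
        entry['dst_ports'].add(int(rec['DPT']))
        entry['targets'].add((rec['DST'], int(rec['DPT'])))
        if rec.get('OUT'):
            # a non-empty OUT= would mean the packet was logged on its way through FORWARD
            entry['forwarded'] = True
    return by_src


def classify(entry):
    """Describe the pattern one source showed, based only on the logged SYNs."""
    hosts, ports = len(entry['dst_hosts']), len(entry['dst_ports'])
    if hosts > 1 and ports == 1:
        return 'horizontal sweep: one port tried across several hosts'
    if ports > 1 and hosts == 1:
        return 'vertical scan: several ports tried on one host'
    if entry['packets'] > len(entry['targets']):
        return 'repeated attempts on the same host/port'
    return 'single probe'


def report(by_src):
    """Build one human-readable line per source address."""
    lines = []
    for src, entry in sorted(by_src.items()):
        lines.append('%s: %d packets, %d host(s), ports %s, forwarded=%s -> %s' % (
            src, entry['packets'], len(entry['dst_hosts']),
            sorted(entry['dst_ports']), entry['forwarded'], classify(entry)))
    return lines


if __name__ == '__main__':
    first = parse_line(SAMPLE_LOG.splitlines()[0])
    print('MAC field breakdown:', split_mac(first['MAC']))
    for line in report(summarize(SAMPLE_LOG.splitlines())):
        print(line)
```

Run against the quoted excerpt it shows 220.79.245.153 and 210.116.107.30 sweeping port 4899 across the .61-.65 range and 212.204.185.189 retrying three different ports on .65, all with OUT= empty and only the SYN flag set, i.e. initial connection attempts that the firewall logged without forwarding them anywhere. Feeding it your full log (`summarize(open('/var/log/messages').read().splitlines())`) gives the same per-source view for the longer list.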
 
LVL 6

Author Comment

by: Filips
ID: 11968920
That was exactly what I wanted to hear. You made my day.

btw, you are right. This server is on the internet and only has eth0, with 81-85 as IPs.

Thanks jlevie