[bglug] Doubts about connecting to the ISP
Jimmi
bglug@lists.linux.it
Sun, 25 May 2003 08:50:21 +0200
Hi,
maybe I'm a bit paranoid, but the following lines that I found in
/var/log/messages worry me a little:
May 24 17:49:06 server pppd[427]: Connect: ppp0 <--> /dev/ttyS1
May 24 17:49:06 server pppd[427]: Remote message: Welcome
May 24 17:49:07 server pppd[427]: local IP address 62.98.12.201
May 24 17:49:07 server pppd[427]: remote IP address 212.245.47.240
May 24 17:49:07 server pppd[427]: primary DNS address 212.245.255.2
May 24 17:49:11 server logger: Shorewall Started
May 24 17:49:59 server kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
SRC=62.47.213.99 DST=62.98.12.201 LEN=48 TOS=0x00 PREC=0x40 TTL=108
ID=51925 DF PROTO=TCP SPT=3514 DPT=17300 WINDOW=16384 RES=0x00 SYN URGP=0
May 24 17:50:46 server kernel: device ppp0 entered promiscuous mode
May 24 17:51:11 server kernel: device ppp0 left promiscuous mode
May 24 17:51:37 server kernel: device ppp0 entered promiscuous mode
May 24 17:52:02 server kernel: device ppp0 left promiscuous mode
May 24 17:52:42 server kernel: device ppp0 entered promiscuous mode
May 24 17:53:35 server kernel: device ppp0 left promiscuous mode
May 24 17:54:02 server kernel: device ppp0 entered promiscuous mode
May 24 17:55:58 server kernel: device ppp0 left promiscuous mode
BTW the address stopped by the firewall belongs to inwind. Also,
over the previous days I noticed the firewall stepping in frequently
against addresses of the strangest origins: Riga, China, Japan,
Denmark. A few examples:
May 18 18:48:14 server kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
SRC=62.134.74.45 DST=62.98.29.222 LEN=283 TOS=0x00 PREC=0x40 TTL=108
ID=33133 PROTO=UDP SPT=1592 DPT=135 LEN=263
May 18 19:49:40 server kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
SRC=80.196.240.229 DST=62.98.29.222 LEN=48 TOS=0x00 PREC=0x40 TTL=106
ID=38657 DF PROTO=TCP SPT=4927 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
May 18 20:15:07 server kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
SRC=62.84.29.250 DST=62.98.110.32 LEN=404 TOS=0x00 PREC=0x40 TTL=103
ID=51466 PROTO=UDP SPT=1038 DPT=1434 LEN=384
May 24 18:08:23 server kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
SRC=61.230.12.146 DST=62.98.30.222 LEN=48 TOS=0x00 PREC=0x40 TTL=103
ID=59978 DF PROTO=TCP SPT=4615 DPT=445 WINDOW=64800 RES=0x00 SYN URGP=0
Unfortunately, out of laziness, I haven't yet learned how to read these lines;
can some kind soul point me to a document where I can find the
specifications? And above all, should I be worried?
--
--- _ o | File reality.sys corrupted, Reboot |
/ immi ___ _/\_> | Universe? Y/N |
(_/ - O,> / O | |
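
Added example, not part of the original message: a small Python parser for the Shorewall lines quoted above, splitting the "Shorewall:<chain>:<disposition>:" prefix from the kernel's netfilter LOG fields and counting dropped packets per protocol and destination port. The function names and the UDPLEN key are choices made for this example; the sample lines are copied from the post with the mail line wrapping undone.

```python
import re
from collections import Counter

# Log lines taken from the post above, with the mail client's line wrapping undone.
SAMPLE = """\
May 24 17:49:59 server kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=62.47.213.99 DST=62.98.12.201 LEN=48 TOS=0x00 PREC=0x40 TTL=108 ID=51925 DF PROTO=TCP SPT=3514 DPT=17300 WINDOW=16384 RES=0x00 SYN URGP=0
May 24 17:50:46 server kernel: device ppp0 entered promiscuous mode
May 18 18:48:14 server kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=62.134.74.45 DST=62.98.29.222 LEN=283 TOS=0x00 PREC=0x40 TTL=108 ID=33133 PROTO=UDP SPT=1592 DPT=135 LEN=263
May 18 19:49:40 server kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=80.196.240.229 DST=62.98.29.222 LEN=48 TOS=0x00 PREC=0x40 TTL=106 ID=38657 DF PROTO=TCP SPT=4927 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
"""

# Shorewall's log prefix is "Shorewall:<chain>:<disposition>:"; the rest is
# the kernel's netfilter LOG output: KEY=value pairs plus bare flag words.
PREFIX = re.compile(r"^(\w{3}\s+\d+ [\d:]+) (\S+) kernel: Shorewall:([^:]+):([^:]+):(.*)$")
FLAG_WORDS = {"DF", "MF", "CE", "SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}

def parse_line(line):
    """Return a dict for a Shorewall packet log line, or None for anything else."""
    m = PREFIX.match(line.strip())
    if not m:
        return None
    when, host, chain, disposition, rest = m.groups()
    rec = {"time": when, "host": host, "chain": chain,
           "disposition": disposition, "flags": []}
    for token in rest.split():
        key, sep, value = token.partition("=")
        if sep:
            # UDP lines carry LEN twice: IP total length first, then UDP length.
            name = "UDPLEN" if key == "LEN" and "LEN" in rec else key
            rec[name] = int(value) if value.isdigit() else value
        elif token in FLAG_WORDS:
            rec["flags"].append(token)
    return rec

def summarize(text):
    """Count logged packets per (disposition, protocol, destination port)."""
    records = [r for r in map(parse_line, text.splitlines()) if r]
    return Counter((r["disposition"], r["PROTO"], r["DPT"]) for r in records)

if __name__ == "__main__":
    for (disp, proto, dport), n in sorted(summarize(SAMPLE).items()):
        print(f"{disp} {proto}/{dport}: {n}")
```

In each record, IN/OUT are the interfaces, SRC/DST the addresses, SPT/DPT the source and destination ports, and a lone SYN flag marks a TCP connection attempt.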