North American Network Operators Group


Re: Tracing where it started

  • From: Pete Ashdown
  • Date: Sat Jan 25 17:45:58 2003

>It might be interesting if some people were to post when they received
>their first attack packet, and where it came from, if they happened to
>be logging. 
>
>Here is the first packet we logged:
>Jan 25 00:29:37 EST 216.66.11.120

A quick followup to my previous message.  I found an earlier attempt in the
*:29 window on my home firewall.  I don't know if this is due to Cisco
logging lag or what.  In any case, it's interesting how relatively close it
is to Phil's IP, but they are different networks.  Again the time is in
MDT:

Jan 24 22:29:25 chariot kernel: fp=UDP-FORWARD:1 a=DROP IN=eth0 OUT=eth3
SRC=216.64.162.15 DST=166.70.201.243 LEN=404 TOS=0x00 PREC=0x00 TTL=111 ID=4917
PROTO=UDP SPT=2958 DPT=1434 LEN=384
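
The timestamp comparison made in this message, as an added example that is not part of the original post: it parses netfilter log lines, picks the earliest UDP packet to port 1434, and normalizes both reports to UTC. The UTC offsets for the two clocks (UTC-7 and UTC-5), the year, and every log line other than the one from the message are assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Assumed UTC offsets (hours) for the two reporters' clocks; not stated on the page.
ZONE_OFFSETS = {"mountain": -7, "eastern": -5}
STAMP = re.compile(r"^(\w{3})\s+(\d{1,2})\s+(\d\d:\d\d:\d\d)")
KV = re.compile(r"(\w+)=(\S*)")

def to_utc(line, zone, year=2003):
    """Convert the year-less syslog timestamp at the start of a line to UTC."""
    m = STAMP.match(line)
    if not m:
        return None
    local = datetime.strptime(f"{year} {m[1]} {m[2]} {m[3]}", "%Y %b %d %H:%M:%S")
    tz = timezone(timedelta(hours=ZONE_OFFSETS[zone]))
    return local.replace(tzinfo=tz).astimezone(timezone.utc)

def parse_fields(line):
    """Extract KEY=value pairs; the first LEN (IP length) wins over the UDP LEN."""
    fields = {}
    for key, value in KV.findall(line):
        fields.setdefault(key, value)
    return fields

def first_probe(lines, zone):
    """Return (utc_time, fields) of the earliest UDP packet to port 1434, or None."""
    hits = []
    for line in lines:
        when, f = to_utc(line, zone), parse_fields(line)
        if when and f.get("PROTO") == "UDP" and f.get("DPT") == "1434":
            hits.append((when, f))
    return min(hits, key=lambda h: h[0]) if hits else None

# The second entry is the one from the message (unwrapped); the others are constructed.
FIREWALL_LOG = [
    "Jan 24 22:31:02 chariot kernel: fp=UDP-FORWARD:1 a=DROP IN=eth0 OUT=eth3 "
    "SRC=192.0.2.77 DST=198.51.100.9 LEN=404 PROTO=UDP SPT=1033 DPT=1434 LEN=384",
    "Jan 24 22:29:25 chariot kernel: fp=UDP-FORWARD:1 a=DROP IN=eth0 OUT=eth3 "
    "SRC=216.64.162.15 DST=166.70.201.243 LEN=404 TOS=0x00 PREC=0x00 TTL=111 ID=4917 "
    "PROTO=UDP SPT=2958 DPT=1434 LEN=384",
    "Jan 24 22:28:10 chariot kernel: fp=TCP-FORWARD:1 a=DROP IN=eth0 OUT=eth3 "
    "SRC=192.0.2.5 DST=198.51.100.9 LEN=48 PROTO=TCP SPT=4411 DPT=80",
]
QUOTED_REPORT = "Jan 25 00:29:37 EST 216.66.11.120"  # first packet from the quoted post

def lead_seconds():
    """Seconds by which the firewall's first probe precedes the quoted report."""
    earliest, _ = first_probe(FIREWALL_LOG, "mountain")
    return (to_utc(QUOTED_REPORT, "eastern") - earliest).total_seconds()
```

Under those assumed offsets the firewall entry falls 12 seconds before the quoted report once both are expressed in UTC.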