hacked.e-microsoft.net attacks!!!

Opesh Alkara opeshalkara at gmail.com
Sat Sep 10 08:40:39 UTC 2005


Hi Group,

I run RHEL ES 3.0, kernel 2.4.21-27.0.1.EL with IPtables as firewall....

I am getting some strange attacks on my gateway-firewall...here is the scrap 
of the tcpdump command that displays the traffic transaction on my 
gateway/firewall:

[root@Firewall root]# tcpdump -i eth0 | grep microsoft
tcpdump: listening on eth0
14:45:46.636128 188.26.25.111.1796 > hacked.e-microsoft.net.http: S 1395392512:1395392512(0) win 16384
14:45:47.136837 188.26.25.112.1217 > hacked.e-microsoft.net.http: S 40173568:40173568(0) win 16384
14:45:47.637597 188.26.25.113.1271 > hacked.e-microsoft.net.http: S 2122645504:2122645504(0) win 16384
14:45:48.138274 188.26.25.114.1623 > hacked.e-microsoft.net.http: S 1886519296:1886519296(0) win 16384
14:45:48.639106 188.26.25.115.1713 > hacked.e-microsoft.net.http: S 536215552:536215552(0) win 16384
14:45:49.139757 188.26.25.116.1541 > hacked.e-microsoft.net.http: S 1795227648:1795227648(0) win 16384
14:45:49.640460 188.26.25.117.1286 > hacked.e-microsoft.net.http: S 931528704:931528704(0) win 16384
14:46:24.414942 192.168.2.124.1060 > 65.53.141.93.microsoft-ds: S 2943232226:2943232226(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
14:47:06.524061 192.168.2.124.1063 > 65.53.141.93.microsoft-ds: S 1414470707:1414470707(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
14:47:18.559278 192.168.2.124.1065 > 65.53.192.13.microsoft-ds: S 3528415518:3528415518(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
14:48:19.849458 188.26.20.195.1041 > hacked.e-microsoft.net.http: S 415105024:415105024(0) win 16384
14:48:20.346990 188.26.20.196.1474 > hacked.e-microsoft.net.http: S 1030488064:1030488064(0) win 16384
14:48:22.349682 188.26.20.200.1491 > hacked.e-microsoft.net.http: S 782630912:782630912(0) win 16384
14:48:23.351150 188.26.20.202.1590 > hacked.e-microsoft.net.http: S 10027008:10027008(0) win 16384
14:48:24.352641 188.26.20.204.1698 > hacked.e-microsoft.net.http: S 1303838720:1303838720(0) win 16384
14:48:24.853235 188.26.20.205.1442 > hacked.e-microsoft.net.http: S 968032256:968032256(0) win 16384
14:48:25.354003 188.26.20.206.1527 > hacked.e-microsoft.net.http: S 1304952832:1304952832(0) win 16384
14:48:25.854672 188.26.20.207.1642 > hacked.e-microsoft.net.http: S 1116405760:1116405760(0) win 16384
14:48:46.386855 188.26.20.248.1654 > hacked.e-microsoft.net.http: S 416743424:416743424(0) win 16384
14:48:55.907746 188.26.21.11.1192 > hacked.e-microsoft.net.http: S 202702848:202702848(0) win 16384
14:48:56.909174 188.26.21.13.1285 > hacked.e-microsoft.net.http: S 488112128:488112128(0) win 16384
14:49:10.438591 188.26.21.40.1664 > hacked.e-microsoft.net.http: S 691732480:691732480(0) win 16384
14:49:11.440020 188.26.21.42.1503 > hacked.e-microsoft.net.http: S 1183580160:1183580160(0) win 16384
14:49:13.943673 188.26.21.47.1193 > hacked.e-microsoft.net.http: S 216072192:216072192(0) win 16384
14:49:19.451578 188.26.21.58.1202 > hacked.e-microsoft.net.http: S 141623296:141623296(0) win 16384

42561 packets received by filter
32611 packets dropped by kernel


Could anyone please tell me what's going on on my network...or if anyone has 
experienced the same attack....as such I didn't find anything on Google 
regarding this....

Thanks for efforts.....

Regards
Oopss..
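
A way to triage a capture like the one in this message, as an added example that is not part of the original post: it groups the SYN records by destination and port and reports, per group, the number of distinct sources, how many SYNs carry no TCP options, and how often the source address is exactly one higher than in the previous record. The `summarize` function and its field names are illustrative assumptions; the sample records are copied from the capture with the mail line-wrap undone.

```python
import ipaddress
import re
from collections import defaultdict

# Records copied from the capture in the post, with the mail line-wrap undone.
CAPTURE = """\
14:45:46.636128 188.26.25.111.1796 > hacked.e-microsoft.net.http: S 1395392512:1395392512(0) win 16384
14:45:47.136837 188.26.25.112.1217 > hacked.e-microsoft.net.http: S 40173568:40173568(0) win 16384
14:45:47.637597 188.26.25.113.1271 > hacked.e-microsoft.net.http: S 2122645504:2122645504(0) win 16384
14:46:24.414942 192.168.2.124.1060 > 65.53.141.93.microsoft-ds: S 2943232226:2943232226(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
14:47:06.524061 192.168.2.124.1063 > 65.53.141.93.microsoft-ds: S 1414470707:1414470707(0) win 16384 <mss 1460,nop,nop,sackOK> (DF)
14:48:19.849458 188.26.20.195.1041 > hacked.e-microsoft.net.http: S 415105024:415105024(0) win 16384
14:48:20.346990 188.26.20.196.1474 > hacked.e-microsoft.net.http: S 1030488064:1030488064(0) win 16384
"""

# Old-style tcpdump text for a SYN:
#   time src.port > dst.port: S seq:seq(0) win N [<tcp options>]
SYN = re.compile(
    r"^(?P<ts>\S+) (?P<src>\d+\.\d+\.\d+\.\d+)\.\d+ > "
    r"(?P<dst>\S+)\.(?P<dport>[\w-]+): "
    r"S \d+:\d+\(0\) win \d+(?: <(?P<opts>[^>]*)>)?"
)

def summarize(text):
    """Group SYNs by (destination, port) and report the fields worth comparing."""
    groups = defaultdict(lambda: {"sources": [], "no_options": 0})
    for line in text.splitlines():
        m = SYN.match(line)
        if not m:
            continue  # not a SYN record in this text format
        g = groups[(m["dst"], m["dport"])]
        g["sources"].append(ipaddress.ip_address(m["src"]))
        g["no_options"] += m["opts"] is None  # SYN printed without <...> options
    report = {}
    for key, g in groups.items():
        srcs = g["sources"]
        # Consecutive records whose source address is exactly previous + 1.
        steps = sum(1 for a, b in zip(srcs, srcs[1:]) if int(b) - int(a) == 1)
        report[key] = {
            "syns": len(srcs),
            "distinct_sources": len(set(srcs)),
            "syns_without_tcp_options": g["no_options"],
            "sources_incrementing_by_one": steps,
            "all_sources_private": all(s.is_private for s in srcs),
        }
    return report

if __name__ == "__main__":
    for (dst, port), stats in summarize(CAPTURE).items():
        print(dst, port, stats)
```

The `192.168.2.124` records appear in the capture only because `grep microsoft` also matches the service name `microsoft-ds`; running tcpdump with `-n` prints numeric addresses instead of resolved names.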


