[SLUG] a logging problem

From: A2L1 (ulmerton@tampadsl.net)
Date: Sat Jul 17 2004 - 21:55:20 EDT


Hello,
I have a weird thing going on and I can't seem to find where it
is coming from to edit it. I am running SuSE 9.1 pro on a
PIII-700 box and all is well and everything is working just
fine. I originally was going to use driverloader for the wifi
but after partially loading it I discovered SuSE had it all
set and no prob. OK so far everything is fine, got an uptime
of over 40 days.
I had to move things around and that meant shutting down the
puter (new desk, etc.). Got everything taken care of and set
everything up, booted up and all is good, everything is running
fine and no function probs at all. Here is the problem:
apparently there is some kind of IP logging going on and it is
flooding my mailbox. It is coming from me to me; here is a
sample:
Jul/17/2004 20:35:37
 Target IP(198.31.248.210), Target Port(110) Packet Dropped
Jul/17/2004 20:35:37
 Spoof IP(192.168.0.5), Spoof Port(4845)
Jul/17/2004 20:35:37
 Spoof Attack fromd MAC(00----------A-51) Detect,
Jul/17/2004 20:35:37
 Target IP(198.31.248.210), Target Port(110) Packet Dropped
Jul/17/2004 20:35:37
 Spoof IP(192.168.0.5), Spoof Port(4845)
Jul/17/2004 20:35:37
 Spoof Attack fromd MAC(00--------------A-51) Detect,
Jul/17/2004 20:35:37
 Target IP(198.31.248.210), Target Port(110) Packet Dropped
Jul/17/2004 20:35:37
 Spoof IP(192.168.0.5), Spoof Port(4845)
Jul/17/2004 20:35:37
 Spoof Attack fromd MAC(00----------A-51) Detect,
Jul/17/2004 20:35:37
 Target IP(198.31.248.210), Target Port(110) Packet Dropped
Jul/17/2004 20:35:37
 Spoof IP(192.168.0.5), Spoof Port(4845)
Jul/17/2004 20:35:37
 Spoof Attack fromd MAC(00--------B-AA-51) Detect,
Jul/17/2004 20:35:36
 Target IP(198.31.248.210), Target Port(110) Packet Dropped
Jul/17/2004 20:35:36
 Spoof IP(192.168.0.5), Spoof Port(4845)
Jul/17/2004 20:35:36
 Spoof Attack fromd MAC(0-------AA-51) Detect,
Jul/17/2004 20:35:36
Now this seems to have something to do with the wireless stuff
because it is always referring to the MAC of the wireless PCI
card.
I can't for the life of me find out what is sending this or
where to edit it out. Overnight I will have in excess of 3000
emails all with the same stuff.
Here is one of the headers:
DI-624 Log AttackLog(from: 63.---.---.8)
 Date: Today 21:36:24
 From: a2l1@tampadsl.net
 To: a2l1@tampadsl.net
Anyone have any ideas where to look and what to edit?
I would appreciate any help.

Thanks,
A J

-- 
Feel safe and confident, there were no M$ products used in the
creation of this email, only virus-free and rock solid LINUX!
Registered LINUX user #191255