[Eisfair] bfb attacker from 127.0.0.1
Fabian Törner
toerner at gmx.net
Tue Oct 20 23:11:08 CEST 2015
Hello everyone,
I just made an interesting discovery: I found the following entries in
messages.log. Of course bfb does not block them, since they come from
localhost. This unsettled me a bit, and I hope you can explain it:
Oct 20 07:40:03 eis kernel: ATTACKER:IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1
DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=30734 DF PROTO=TCP
SPT=43003 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0
Oct 20 07:40:03 eis kernel: ATTACKER:IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1
DST=127.0.0.1 LEN=88 TOS=0x00 PREC=0xC0 TTL=64 ID=12194 PROTO=ICMP
TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00
TTL=64 ID=30734 DF PROTO=TCP SPT=43003 DPT=25 WINDOW=32792 RES=0x00 SYN
URGP=0 ]
Oct 20 07:40:19 eis kernel: ATTACKER:IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1
DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=30735 DF PROTO=TCP
SPT=43003 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0
Oct 20 07:40:19 eis kernel: ATTACKER:IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1
DST=127.0.0.1 LEN=88 TOS=0x00 PREC=0xC0 TTL=64 ID=13880 PROTO=ICMP
TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00
TTL=64 ID=30735 DF PROTO=TCP SPT=43003 DPT=25 WINDOW=32792 RES=0x00 SYN
URGP=0 ]
Oct 20 07:40:51 eis kernel: ATTACKER:IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1
DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=16495 DF PROTO=TCP
SPT=43008 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0
Oct 20 07:40:51 eis kernel: ATTACKER:IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1
DST=127.0.0.1 LEN=88 TOS=0x00 PREC=0xC0 TTL=64 ID=18152 PROTO=ICMP
TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00
TTL=64 ID=16495 DF PROTO=TCP SPT=43008 DPT=25 WINDOW=32792 RES=0x00 SYN
URGP=0 ]
Oct 20 07:40:52 eis kernel: ATTACKER:IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1
DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=16496 DF PROTO=TCP
SPT=43008 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0
Oct 20 07:40:52 eis kernel: ATTACKER:IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1
DST=127.0.0.1 LEN=88 TOS=0x00 PREC=0xC0 TTL=64 ID=18362 PROTO=ICMP
TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00
TTL=64 ID=16496 DF PROTO=TCP SPT=43008 DPT=25 WINDOW=32792 RES=0x00 SYN
URGP=0 ]
Oct 20 07:40:54 eis kernel: ATTACKER:IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1
DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=16497 DF PROTO=TCP
SPT=43008 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0
Oct 20 07:40:54 eis kernel: ATTACKER:IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1
DST=127.0.0.1 LEN=88 TOS=0x00 PREC=0xC0 TTL=64 ID=18758 PROTO=ICMP
TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00
TTL=64 ID=16497 DF PROTO=TCP SPT=43008 DPT=25 WINDOW=32792 RES=0x00 SYN
URGP=0 ]
Oct 20 07:40:58 eis kernel: ATTACKER:IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1
DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=16498 DF PROTO=TCP
SPT=43008 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0
Oct 20 07:40:58 eis kernel: ATTACKER:IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1
DST=127.0.0.1 LEN=88 TOS=0x00 PREC=0xC0 TTL=64 ID=19135 PROTO=ICMP
TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00
TTL=64 ID=16498 DF PROTO=TCP SPT=43008 DPT=25 WINDOW=32792 RES=0x00 SYN
URGP=0 ]
Oct 20 07:41:06 eis kernel: ATTACKER:IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1
DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=16499 DF PROTO=TCP
SPT=43008 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0
Oct 20 07:41:06 eis kernel: ATTACKER:IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1
DST=127.0.0.1 LEN=88 TOS=0x00 PREC=0xC0 TTL=64 ID=20715 PROTO=ICMP
TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00
TTL=64 ID=16499 DF PROTO=TCP SPT=43008 DPT=25 WINDOW=32792 RES=0x00 SYN
URGP=0 ]
Oct 20 07:41:22 eis kernel: ATTACKER:IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1
DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=16500 DF PROTO=TCP
SPT=43008 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0
Oct 20 07:41:22 eis kernel: ATTACKER:IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1
DST=127.0.0.1 LEN=88 TOS=0x00 PREC=0xC0 TTL=64 ID=21436 PROTO=ICMP
TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00
TTL=64 ID=16500 DF PROTO=TCP SPT=43008 DPT=25 WINDOW=32792 RES=0x00 SYN
URGP=0 ]
Many thanks & best regards
Fabian
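
An added triage example, not part of the original post: it rejoins the wrapped kernel log entries and pairs each logged SYN with the ICMP TYPE=3 CODE=3 (destination unreachable, port unreachable) entry that quotes its header in brackets. Function names are hypothetical; the first sample pair is copied from the post and the last entry is constructed.

```python
import re

# First SYN/ICMP pair copied from the post, wrapped as in the mail.
SAMPLE = """\
Oct 20 07:40:03 eis kernel: ATTACKER:IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1
DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=30734 DF PROTO=TCP
SPT=43003 DPT=25 WINDOW=32792 RES=0x00 SYN URGP=0
Oct 20 07:40:03 eis kernel: ATTACKER:IN=lo OUT=
MAC=00:00:00:00:00:00:00:00:00:00:00:00:08:00 SRC=127.0.0.1
DST=127.0.0.1 LEN=88 TOS=0x00 PREC=0xC0 TTL=64 ID=12194 PROTO=ICMP
TYPE=3 CODE=3 [SRC=127.0.0.1 DST=127.0.0.1 LEN=60 TOS=0x00 PREC=0x00
TTL=64 ID=30734 DF PROTO=TCP SPT=43003 DPT=25 WINDOW=32792 RES=0x00 SYN
URGP=0 ]
"""
# Constructed entry (not from the post): a SYN that no ICMP error quotes.
UNANSWERED = ("Oct 20 07:41:30 eis kernel: ATTACKER:IN=lo OUT= SRC=127.0.0.1 "
              "DST=127.0.0.1 ID=40000 PROTO=TCP SPT=50000 DPT=25 SYN URGP=0\n")
START = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ")

def unwrap(text):
    """Rejoin wrapped entries: a new entry starts with a syslog timestamp."""
    entries = []
    for line in text.splitlines():
        if START.match(line) or not entries:
            entries.append(line.strip())
        else:
            entries[-1] += " " + line.strip()
    return entries

def fields(header):
    """KEY=value tokens of one packet header as a dict (empty values allowed)."""
    return dict(re.findall(r"(\w+)=(\S*)", header))

def correlate(text):
    """Map (IP ID, SPT, DPT) of each logged SYN to the ICMP (type, code) replies quoting it."""
    syns, replies = {}, {}
    for entry in unwrap(text):
        outer, _, quoted = entry.partition("[")  # bracket = quoted original header
        o = fields(outer)
        if o.get("PROTO") == "TCP" and " SYN " in outer:
            syns[(o["ID"], o["SPT"], o["DPT"])] = entry[:15]  # timestamp
        elif o.get("PROTO") == "ICMP" and quoted:
            q = fields(quoted)
            replies.setdefault((q["ID"], q["SPT"], q["DPT"]), []).append((o["TYPE"], o["CODE"]))
    return {key: replies.get(key, []) for key in syns}

if __name__ == "__main__":
    print(correlate(SAMPLE + UNANSWERED))
```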