Dear people on the list,
Can you tell me if some hacker is trying to get into my system?
Please see some alert messages from snort in the following.
Also, I see many lines of "www.cymru.com/Documents/bogon-list.html"
in the alert message. What does that mean?
Honestly, I have a Linux system that came with default snort running,
and I don't know much about snort. I need to learn.
Thanks a lot for your time.
Philip
=========== alert from my snort ===========================
[**] [1:2002749:2] BLEEDING-EDGE POLICY Reserved IP Space Traffic - Bogon Nets 1 [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
03/12-16:02:49.541160 0.0.0.0:68 -> 255.255.255.255:67
UDP TTL:128 TOS:0x0 ID:18 IpLen:20 DgmLen:330
Len: 302
[Xref =>
http://www.cymru.com/Documents/bogon-list.html]
[**] [1:2002911:1] BLEEDING-EDGE SCAN Potential VNC Scan 5900-5920 [**]
[Classification: Attempted Information Leak] [Priority: 2]
03/12-16:04:10.413012 211.133.123.213:2855 -> 75.148.5.232:5900
TCP TTL:21 TOS:0x20 ID:43110 IpLen:20 DgmLen:64 DF
******S* Seq: 0x6EF67D47 Ack: 0x0 Win: 0xD200 TcpLen: 44
TCP Options (9) => MSS: 1414 NOP WS: 3 NOP NOP TS: 0 0 NOP NOP
TCP Options => SackOK
[**] [1:2002911:1] BLEEDING-EDGE SCAN Potential VNC Scan 5900-5920 [**]
[Classification: Attempted Information Leak] [Priority: 2]
03/12-17:53:29.870465 74.14.172.209:2354 -> 75.148.5.232:5900
TCP TTL:30 TOS:0x20 ID:15086 IpLen:20 DgmLen:64 DF
******S* Seq: 0xC94AE0D1 Ack: 0x0 Win: 0xD200 TcpLen: 44
TCP Options (9) => MSS: 1440 NOP WS: 3 NOP NOP TS: 0 0 NOP NOP
TCP Options => SackOK
[**] [1:2002749:2] BLEEDING-EDGE POLICY Reserved IP Space Traffic - Bogon Nets 1 [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
03/12-19:10:52.219369 0.0.0.0:68 -> 255.255.255.255:67
UDP TTL:128 TOS:0x0 ID:0 IpLen:20 DgmLen:348
Len: 320
[Xref =>
http://www.cymru.com/Documents/bogon-list.html]
[**] [1:2002749:2] BLEEDING-EDGE POLICY Reserved IP Space Traffic - Bogon Nets 1 [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
03/12-20:50:10.430761 0.0.0.0:68 -> 255.255.255.255:67
UDP TTL:128 TOS:0x0 ID:0 IpLen:20 DgmLen:348
Len: 320
[Xref =>
http://www.cymru.com/Documents/bogon-list.html]
[**] [1:2001689:5] BLEEDING-EDGE WORM Potential MySQL bot scanning for SQL server [**]
[Classification: A Network Trojan was detected] [Priority: 1]
03/13-01:24:43.872832 218.56.180.251:46961 -> 75.148.5.239:3306
TCP TTL:93 TOS:0x20 ID:256 IpLen:20 DgmLen:40
******S* Seq: 0xBE7728D2 Ack: 0x0 Win: 0x4000 TcpLen: 20
[Xref =>
http://isc.sans.org/diary.php?date=2005-01-27]
[**] [1:2002749:2] BLEEDING-EDGE POLICY Reserved IP Space Traffic - Bogon Nets 1 [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
03/13-08:28:26.165653 0.0.0.0:68 -> 255.255.255.255:67
UDP TTL:128 TOS:0x0 ID:0 IpLen:20 DgmLen:348
Len: 320
[Xref =>
http://www.cymru.com/Documents/bogon-list.html]
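
Added example (not part of the message above and not Snort's own code): a Python parser for alert blocks in the format pasted above. It separates the 0.0.0.0:68 -> 255.255.255.255:67 entries, which are DHCP client broadcasts from a host that has no address yet, from alerts that a person should review. The function names and the "dhcp-broadcast" / "review" buckets are assumptions made for this example.

```python
import re
from collections import Counter

# Sample input: three alert blocks taken from the post above (packet-detail lines omitted).
SAMPLE = """\
[**] [1:2002749:2] BLEEDING-EDGE POLICY Reserved IP Space Traffic - Bogon Nets 1 [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
03/12-16:02:49.541160 0.0.0.0:68 -> 255.255.255.255:67
[**] [1:2002911:1] BLEEDING-EDGE SCAN Potential VNC Scan 5900-5920 [**]
[Classification: Attempted Information Leak] [Priority: 2]
03/12-16:04:10.413012 211.133.123.213:2855 -> 75.148.5.232:5900
[**] [1:2001689:5] BLEEDING-EDGE WORM Potential MySQL bot scanning for SQL server [**]
[Classification: A Network Trojan was detected] [Priority: 1]
03/13-01:24:43.872832 218.56.180.251:46961 -> 75.148.5.239:3306
"""

HEADER = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.+) \[\*\*\]$")  # gid:sid:rev msg
PRIORITY = re.compile(r"\[Priority: (\d+)\]")
FLOW = re.compile(r"^(\S+) ([\d.]+):(\d+) -> ([\d.]+):(\d+)$")

def parse_alerts(text):
    """Split Snort full-format alert text into one dict per alert block."""
    alerts, cur = [], None
    for line in (l.strip() for l in text.splitlines()):
        if m := HEADER.match(line):
            cur = {"sid": int(m.group(2)), "msg": m.group(4)}
            alerts.append(cur)
        elif cur is None:
            continue  # text before the first alert header
        elif m := PRIORITY.search(line):
            cur["priority"] = int(m.group(1))
        elif m := FLOW.match(line):
            cur.update(time=m.group(1), src=m.group(2), sport=int(m.group(3)),
                       dst=m.group(4), dport=int(m.group(5)))
    return alerts

def is_dhcp_client_broadcast(a):
    """0.0.0.0:68 -> 255.255.255.255:67 is a client asking for a DHCP lease."""
    return (a.get("src"), a.get("sport"), a.get("dst"), a.get("dport")) == \
        ("0.0.0.0", 68, "255.255.255.255", 67)

def triage(alerts):
    """Count alerts per (sid, bucket); 'review' means a person should look."""
    counts = Counter()
    for a in alerts:
        bucket = "dhcp-broadcast" if is_dhcp_client_broadcast(a) else "review"
        counts[(a["sid"], bucket)] += 1
    return counts

if __name__ == "__main__":
    for (sid, bucket), n in sorted(triage(parse_alerts(SAMPLE)).items()):
        print(sid, bucket, n)
```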