psad Multi-protocol Scan Alert
=-=-=-=-=-=-=-=-=-=-=-= Mon Mar 13 12:58:07 2006 =-=-=-=-=-=-=-=-=-=-=-=
Danger level: [2] (out of 5)
Scanned tcp ports: [15104: 1 packets]
tcp flags: [SYN: 1 packets, Nmap: -sT or -sS]
Iptables chain: INPUT (prefix "DROP"), 1 packets
Source: 192.168.10.3
DNS: [No reverse dns info available]
OS guess: Linux:2.5::Linux 2.5 (sometimes 2.4)
Destination: 192.168.10.1
DNS: [No reverse dns info available]
Syslog hostname: minastirith
Current interval: Mon Mar 13 12:58:02 2006 (start)
                  Mon Mar 13 12:58:07 2006 (end)
Overall scan start: Mon Mar 13 12:58:02 2006
Total email alerts: 2
Complete tcp range: [15104]
chain:   interface:   tcp:   udp:   icmp:
INPUT    eth1         2      0      0
[+] tcp scan signatures:
"DDOS mstream client to handler"
sid=249 chain=INPUT packets=1 dp=15104 flags=[SYN] No local server on tcp/15104
[+] Whois Information:
OrgName: Internet Assigned Numbers Authority
OrgID: IANA
Address: 4676 Admiralty Way, Suite 330
City: Marina del Rey
StateProv: CA
PostalCode: 90292-6695
Country: US
NetRange: 192.168.0.0 - 192.168.255.255
CIDR: 192.168.0.0/16
NetName: IANA-CBLK1
NetHandle: NET-192-168-0-0-1
Parent: NET-192-0-0-0-0
NetType: IANA Special Use
NameServer: BLACKHOLE-1.IANA.ORG
NameServer: BLACKHOLE-2.IANA.ORG
Comment: This block is reserved for special purposes.
Comment: Please see RFC 1918 for additional information.
Comment:
RegDate: 1994-03-15
Updated: 2002-09-16
OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: Internet Corporation for Assigned Names and Number
OrgAbusePhone: +1-310-301-5820
OrgAbuseEmail: abuse@iana.org
OrgTechHandle: IANA-IP-ARIN
OrgTechName: Internet Corporation for Assigned Names and Number
OrgTechPhone: +1-310-301-5820
OrgTechEmail: abuse@iana.org
# ARIN WHOIS database, last updated 2006-03-12 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
=-=-=-=-=-=-=-=-=-=-=-= Mon Mar 13 12:58:07 2006 =-=-=-=-=-=-=-=-=-=-=-=