[nSLUG] IP Spoofing
nslug at fop.ns.ca
Fri May 13 15:32:18 ADT 2005
On Fri, 13 May 2005, J. Paul Bissonnette wrote:
> 06:59:53 **IP Spoofing** <IP> Source IP:192.168.0.6 Port:3539
> Dest IP:220.127.116.11 Port:5554
> Does any one know what this means, it was in the hacker log of my router.
A machine was trying to connect to your machine on port 5554. This was
probably someone infected with a virus that scans for other machines that
have been infected by Sasser, as Sasser uses port 5554. Since the source
address is RFC1918 space, I suspect it was a machine on your local subnet
as I believe Eastlink filters out reserved addresses at the gateway.
Not something to really worry about, unless you have a machine 192.168.0.6
on your own network, in which case you may want to run a virus scan.
More information about the nSLUG