Strange attacks in my log




Hi folks,

I discovered some strange log entries, which are created by "portsentry" (a tool for watching port accesses).

It looks like whenever I insert a USB drive or an SD card, my own system wants to access a UDP port (69 or 161). It also tries to access all other computers in the network.

This looks strange to me, because I cannot reproduce why network activities are started when a memory device is inserted.

With Wireshark I could see that this is "BJNP" (whatever this means).

The same happens when pulling the USB stick or the SD card out.

This is what is in the log:

---------------- snip ----------

Feb 21 10:14:39 localhost udisksd[13607]: g_object_unref: assertion'G_IS_OBJECT (object)' failed
Feb 21 10:14:44 localhost scanbd: /usr/sbin/scanbd: no devices, not starting any polling thread
Feb 21 10:14:47 localhost portsentry[6172]: attackalert: Connect from host: 192.168.2.117/192.168.2.117 to UDP port: 161
Feb 21 10:14:47 localhost portsentry[6172]: attackalert: Host: 192.168.2.117 is already blocked. Ignoring
Feb 21 10:14:48 localhost portsentry[6172]: attackalert: Connect from host: 192.168.2.117/192.168.2.117 to UDP port: 161
Feb 21 10:14:48 localhost portsentry[6172]: attackalert: Host: 192.168.2.117 is already blocked. Ignoring
Feb 21 10:14:53 localhost scanbd: /usr/sbin/scanbd: no devices, not starting any polling thread
Feb 21 10:15:01 localhost CRON[27395]: (root) CMD (if [ -x /usr/bin/gsmsmsrequeue ]; then /us

---------- snap -----------------

The same log appears on the other computers (with the same source). I inserted the card in the computer with the IP "192.168.2.117".

Can anybody confirm this, or does anybody know some background?

Thanks for enlightening me.

Best regards

Hans
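
A triage sketch for the log excerpt above, added here as an example and not part of the original post: it counts portsentry alerts per source, protocol and port, and lists which other daemons logged in the seconds before each alert. The function names, the 10-second window and the placeholder year (syslog timestamps carry none) are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Log lines copied from the post above (the truncated CRON line is left out).
SAMPLE = """\
Feb 21 10:14:39 localhost udisksd[13607]: g_object_unref: assertion'G_IS_OBJECT (object)' failed
Feb 21 10:14:44 localhost scanbd: /usr/sbin/scanbd: no devices, not starting any polling thread
Feb 21 10:14:47 localhost portsentry[6172]: attackalert: Connect from host: 192.168.2.117/192.168.2.117 to UDP port: 161
Feb 21 10:14:47 localhost portsentry[6172]: attackalert: Host: 192.168.2.117 is already blocked. Ignoring
Feb 21 10:14:48 localhost portsentry[6172]: attackalert: Connect from host: 192.168.2.117/192.168.2.117 to UDP port: 161
Feb 21 10:14:48 localhost portsentry[6172]: attackalert: Host: 192.168.2.117 is already blocked. Ignoring
Feb 21 10:14:53 localhost scanbd: /usr/sbin/scanbd: no devices, not starting any polling thread
"""

# timestamp, host, process name, optional [pid], message
LINE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) (\S+) ([^\s:\[]+)(?:\[\d+\])?: (.*)$")
ALERT = re.compile(r"attackalert: Connect from host: ([\d.]+)/\S+ to (UDP|TCP) port: (\d+)")

def parse(text, year=2000):
    """Yield (timestamp, process, message); 'year' is a placeholder."""
    for raw in text.splitlines():
        m = LINE.match(raw)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(3), m.group(4)

def triage(text, window_s=10):
    """Return (alert counts per (source, proto, port), sorted names of other
    processes that logged within window_s seconds before any alert)."""
    events = list(parse(text))
    alerts, neighbours = Counter(), set()
    for ts, proc, msg in events:
        m = ALERT.search(msg)
        if proc != "portsentry" or not m:
            continue
        alerts[(m.group(1), m.group(2), int(m.group(3)))] += 1
        lo = ts - timedelta(seconds=window_s)
        neighbours |= {p for t, p, _ in events
                       if lo <= t <= ts and p != "portsentry"}
    return alerts, sorted(neighbours)

if __name__ == "__main__":
    counts, procs = triage(SAMPLE)
    for (src, proto, port), n in counts.items():
        print(f"{n} alert(s): {src} -> {proto}/{port}")
    print("logged shortly before:", ", ".join(procs) or "nothing")
```

Processes listed as neighbours are candidates to inspect, not a proven cause; a packet capture filtered on the alerted port confirms which program actually sent the traffic.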
