Can you check at my log


shann
11-07-2002, 11:36 AM
Hi,

I have a few entries like this. Can anyone give me an explanation for this?

Nov 7 06:37:01 super [7558]: Validation succeeded
Nov 7 06:46:32 super kernel: PUB_IN DROP 2IN=eth0 OUT= MAC=00:04:23:2c:47:de:00:e0:80:53:23:05:08:00 SRC=193.247.238.60 DST=207.44.xx.xx LEN=57 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=10879 SEQ=61187
Nov 7 06:46:40 super psad: port scan detected: 193.247.238.60 -> 207.44.xx.xx pkts=7 dangerlevel: 1
Nov 7 06:51:53 super kernel: PUB_IN DROP 2IN=eth0 OUT= MAC=00:04:23:2c:47:de:00:e0:80:53:23:05:08:00 SRC=193.247.238.60 DST=207.44.xx.xx LEN=57 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=10879 SEQ=65027
Nov 7 06:51:55 super psad: port scan detected: 193.247.238.60 -> 207.44.xx.xx pkts=8 dangerlevel: 1
Nov 7 06:57:11 super kernel: PUB_IN DROP 2IN=eth0 OUT= MAC=00:04:23:2c:47:de:00:e0:80:53:23:05:08:00 SRC=193.247.238.60 DST=207.44.xx.xxLEN=57 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=10879 SEQ=4356
Nov 7 06:57:26 super psad: port scan detected: 193.247.238.60 -> 207.44.xx.xx pkts=9 dangerlevel: 1
Nov 7 07:37:00 super [7835]: Validation succeeded



Thanks in advance

berb
11-08-2002, 01:03 PM
OY!

The log report sez:
there is a proggy running on your system called psad (port scan attack detector) and it picked up an ICMP echo reply request (type=8) from the same IPaddy (193.247.238.60) which resolves to a web hosting company called CohProg SaRL (www.cohprog.com).

There can be a couple of reasons for this:
1. You visited one of their sites and they are seeing if you are still up.
2. One of their shell accounts is compromised and someone is port scanning you.
3. Coupla others, not to worry about.

It seems that your kernel dropped them too, which is good (in general).

What system are you running?
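
An added example, not part of either post: a small Python triage script for kernel lines like the ones quoted in this thread, grouping netfilter drops by source and reporting what each source probed and how many seconds apart the hits were. The regex, the returned field names and the `year` default (syslog lines carry no year) are assumptions of this example; the sample lines are the ones from the first post with the 80-column wraps rejoined.

```python
import re
from collections import defaultdict
from datetime import datetime

# ICMP type numbers (RFC 792) likely to show up in firewall drop logs.
ICMP_TYPES = {0: "echo-reply", 3: "dest-unreachable", 8: "echo-request", 11: "time-exceeded"}

# syslog header, the rule's log prefix, then the netfilter KEY=value fields.
LINE_RE = re.compile(r"^(\w{3})\s+(\d+)\s+([\d:]{8}) \S+ kernel: (.*?)IN=\S* .*?SRC=(\S+) .*?PROTO=(\w+)(.*)$")

# Sample input: lines from the post above, with the 80-column wraps rejoined.
SAMPLE = """\
Nov 7 06:37:01 super [7558]: Validation succeeded
Nov 7 06:46:32 super kernel: PUB_IN DROP 2IN=eth0 OUT= MAC=00:04:23:2c:47:de:00:e0:80:53:23:05:08:00 SRC=193.247.238.60 DST=207.44.xx.xx LEN=57 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=10879 SEQ=61187
Nov 7 06:46:40 super psad: port scan detected: 193.247.238.60 -> 207.44.xx.xx pkts=7 dangerlevel: 1
Nov 7 06:51:53 super kernel: PUB_IN DROP 2IN=eth0 OUT= MAC=00:04:23:2c:47:de:00:e0:80:53:23:05:08:00 SRC=193.247.238.60 DST=207.44.xx.xx LEN=57 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=10879 SEQ=65027
Nov 7 06:57:11 super kernel: PUB_IN DROP 2IN=eth0 OUT= MAC=00:04:23:2c:47:de:00:e0:80:53:23:05:08:00 SRC=193.247.238.60 DST=207.44.xx.xxLEN=57 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=10879 SEQ=4356
""".splitlines()

def parse(line, year=2002):
    """Return one dropped-packet event, or None for non-netfilter lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    mon, day, hms, prefix, src, proto, rest = m.groups()
    # Fields after PROTO= belong to the transport header, so ID here is the
    # ICMP identifier, not the IP ID that appears earlier in the line.
    l4 = dict(re.findall(r"(\w+)=(\S+)", rest))
    if proto == "ICMP":
        t = int(l4.get("TYPE", -1))
        kind = "ICMP " + ICMP_TYPES.get(t, f"type-{t}")
    else:
        kind = f"{proto}/{l4.get('DPT', '?')}"  # destination port for TCP/UDP
    when = datetime.strptime(f"{year} {mon} {day} {hms}", "%Y %b %d %H:%M:%S")
    return {"time": when, "prefix": prefix.strip(), "src": src, "kind": kind, "l4": l4}

def summarize(lines, year=2002):
    """Group drops by source: packet count, distinct targets, seconds between hits."""
    by_src = defaultdict(list)
    for ev in filter(None, (parse(l, year) for l in lines)):
        by_src[ev["src"]].append(ev)
    report = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["time"])
        gaps = [int((b["time"] - a["time"]).total_seconds()) for a, b in zip(evs, evs[1:])]
        report[src] = {"packets": len(evs), "kinds": sorted({e["kind"] for e in evs}), "gaps_s": gaps}
    return report

if __name__ == "__main__":
    for src, r in summarize(SAMPLE).items():
        print(src, r)
```

A long list of distinct `TCP/<port>` or `UDP/<port>` entries under `kinds` for one source is what a sweep across ports looks like; a single repeated kind at regular gaps is one probe repeating.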