What Is A RABHIT

Oct 7, 2007

I'm getting a strange line in /var/log/message on averag about once a day:

Quote:

Sep 28 10:37:10 server1 kernel: ** RABHIT ** IN=eth0 OUT= MAC=00:16:76:be:73:67:00:05:85:0f:1f:40:08:00 SRC=1.2.3.4 DST=5.6.7.8 LEN=40 TOS=0x00 PREC=0x00 TTL=110 ID=7021 DF PROTO=TCP SPT=54968 D
PT=29722 WINDOW=0 RES=0x00 URGP=0

There are a handful of SRC addresses which I have traced and appear to be residential broadband in Los Angeles, Ireland and Sydney. The destination port is either 53,80 or as in this example 29722. 53 and 80 are open on my server and a legitimate destination. 29722 appears to be a sybase port, which I do not run and this is blocked on the firewall.

Does anyone know what this means? The server is running Centos 4, 64-bit.

View 0 Replies


ADVERTISEMENT

Message In Log File :: Kernel: ** RABHIT **?

Jan 23, 2008

I keep getting the following message in my /var/log/message log file:

kernel: ** RABHIT ** IN=eth0 OUT= MAC=00:1b:78:6e:a7:cc:00:03:fe:a0:50:00:08:00 SRC=XX.XXX.XXX.XXX DST=XXX.XXX.XXX.XXX LEN=40 TOS=0x00 PREC=0x00 TTL=237 ID=53229 PROTO=TCP SPT=51203 DPT=80 WINDOW=0 RES=0x00 RST FIN URGP=0

where the XXX.XXX.XXX.XXX is an ip address. Can anyone explain what this is?

This is on a Red Hat box.

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved