Problems With a Hacker - Can anyone tell me if
by Jeff Maxwell from LinuxQuestions.org on (#4Z2XN)
If the following journal entries appear to be someone trying to get in or something else?
Thanks ahead of time.
Max
2/7/20 10:03 PMkernel[UFW BLOCK] IN=eno1 OUT= MAC=01:00:5e:00:00:01:48:5d:36:22:ec:46:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=25057 DF PROTO=2
2/7/20 10:03 PMkernel[UFW BLOCK] IN=eno1 OUT= MAC=01:00:5e:00:00:fb:78:88:6d:e8:59:a4:08:00 SRC=192.168.1.206 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=2452 PROTO=2
2/7/20 10:04 PMkernel[UFW BLOCK] IN=eno1 OUT= MAC=01:00:5e:00:00:fb:78:88:6d:e8:59:a4:08:00 SRC=192.168.1.206 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=51917 PROTO=2
2/7/20 10:05 PMCRONpam_unix(cron:session): session opened for user root by (uid=0)
2/7/20 10:05 PMCRONpam_unix(cron:session): session opened for user root by (uid=0)
2/7/20 10:05 PMCRON(root) CMD (if [ -x /usr/bin/mrtg ] && [ -r /etc/mrtg.cfg ] && [ -d "$(grep '^[[:space:]]*[^#]*[[:space:]]*WorkDir' /etc/mrtg.cfg | awk '{ print $NF }')" ]; then mkdir -p /var/log/mrtg ; env LANG=C /usr/bin/mrtg /etc/mrtg.cfg 2>&1 | tee -a /var/log/mrtg/mrtg.log ; fi)
2/7/20 10:05 PMCRON(root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
2/7/20 10:05 PMCRONpam_unix(cron:session): session closed for user root
2/7/20 10:05 PMCRONpam_unix(cron:session): session closed for user root
2/7/20 10:05 PMkernel[UFW BLOCK] IN=eno1 OUT= MAC=01:00:5e:00:00:01:48:5d:36:22:ec:46:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24890 DF PROTO=2
2/7/20 10:05 PMkernel[UFW BLOCK] IN=eno1 OUT= MAC=01:00:5e:00:00:fb:78:88:6d:e8:59:a4:08:00 SRC=192.168.1.206 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=11854 PROTO=2
2/7/20 10:06 PMkernel[UFW BLOCK] IN=eno1 OUT= MAC=01:00:5e:00:00:fb:78:88:6d:e8:59:a4:08:00 SRC=192.168.1.206 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=8731 PROTO=2
2/7/20 10:07 PMkernel[UFW BLOCK] IN=eno1 OUT= MAC=01:00:5e:00:00:01:48:5d:36:22:ec:46:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=5370 DF PROTO=2
2/7/20 10:07 PMkernel[UFW BLOCK] IN=eno1 OUT= MAC=01:00:5e:00:00:fb:78:88:6d:e8:59:a4:08:00 SRC=192.168.1.206 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=45259 PROTO=2
2/7/20 10:08 PMkernel[UFW BLOCK] IN=eno1 OUT= MAC=01:00:5e:00:00:fb:78:88:6d:e8:59:a4:08:00 SRC=192.168.1.206 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=16325 PROTO=2
2/7/20 10:09 PMkernel[UFW BLOCK] IN=eno1 OUT= MAC=01:00:5e:00:00:fb:78:88:6d:e8:59:a4:08:00 SRC=192.168.1.206 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=35737 PROTO=2
2/7/20 10:09 PMkernel[UFW BLOCK] IN=eno1 OUT= MAC=01:00:5e:00:00:01:48:5d:36:22:ec:46:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=23521 DF PROTO=2
Thanks ahead of time.
Max
2/7/20 10:03 PMkernel[UFW BLOCK] IN=eno1 OUT= MAC=01:00:5e:00:00:01:48:5d:36:22:ec:46:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=25057 DF PROTO=2
2/7/20 10:03 PMkernel[UFW BLOCK] IN=eno1 OUT= MAC=01:00:5e:00:00:fb:78:88:6d:e8:59:a4:08:00 SRC=192.168.1.206 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=2452 PROTO=2
2/7/20 10:04 PMkernel[UFW BLOCK] IN=eno1 OUT= MAC=01:00:5e:00:00:fb:78:88:6d:e8:59:a4:08:00 SRC=192.168.1.206 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=51917 PROTO=2
2/7/20 10:05 PMCRONpam_unix(cron:session): session opened for user root by (uid=0)
2/7/20 10:05 PMCRONpam_unix(cron:session): session opened for user root by (uid=0)
2/7/20 10:05 PMCRON(root) CMD (if [ -x /usr/bin/mrtg ] && [ -r /etc/mrtg.cfg ] && [ -d "$(grep '^[[:space:]]*[^#]*[[:space:]]*WorkDir' /etc/mrtg.cfg | awk '{ print $NF }')" ]; then mkdir -p /var/log/mrtg ; env LANG=C /usr/bin/mrtg /etc/mrtg.cfg 2>&1 | tee -a /var/log/mrtg/mrtg.log ; fi)
2/7/20 10:05 PMCRON(root) CMD (command -v debian-sa1 > /dev/null && debian-sa1 1 1)
2/7/20 10:05 PMCRONpam_unix(cron:session): session closed for user root
2/7/20 10:05 PMCRONpam_unix(cron:session): session closed for user root
2/7/20 10:05 PMkernel[UFW BLOCK] IN=eno1 OUT= MAC=01:00:5e:00:00:01:48:5d:36:22:ec:46:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=24890 DF PROTO=2
2/7/20 10:05 PMkernel[UFW BLOCK] IN=eno1 OUT= MAC=01:00:5e:00:00:fb:78:88:6d:e8:59:a4:08:00 SRC=192.168.1.206 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=11854 PROTO=2
2/7/20 10:06 PMkernel[UFW BLOCK] IN=eno1 OUT= MAC=01:00:5e:00:00:fb:78:88:6d:e8:59:a4:08:00 SRC=192.168.1.206 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=8731 PROTO=2
2/7/20 10:07 PMkernel[UFW BLOCK] IN=eno1 OUT= MAC=01:00:5e:00:00:01:48:5d:36:22:ec:46:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=5370 DF PROTO=2
2/7/20 10:07 PMkernel[UFW BLOCK] IN=eno1 OUT= MAC=01:00:5e:00:00:fb:78:88:6d:e8:59:a4:08:00 SRC=192.168.1.206 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=45259 PROTO=2
2/7/20 10:08 PMkernel[UFW BLOCK] IN=eno1 OUT= MAC=01:00:5e:00:00:fb:78:88:6d:e8:59:a4:08:00 SRC=192.168.1.206 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=16325 PROTO=2
2/7/20 10:09 PMkernel[UFW BLOCK] IN=eno1 OUT= MAC=01:00:5e:00:00:fb:78:88:6d:e8:59:a4:08:00 SRC=192.168.1.206 DST=224.0.0.251 LEN=32 TOS=0x00 PREC=0x00 TTL=1 ID=35737 PROTO=2
2/7/20 10:09 PMkernel[UFW BLOCK] IN=eno1 OUT= MAC=01:00:5e:00:00:01:48:5d:36:22:ec:46:08:00 SRC=192.168.1.1 DST=224.0.0.1 LEN=36 TOS=0x00 PREC=0xC0 TTL=1 ID=23521 DF PROTO=2