[fw-wiz] What is my firewall trying to tell me?
From: ross (ross19@cox.net)
Date: 10/29/02
From: "ross" <ross19@cox.net>
To: <firewall-wizards@honor.icsalabs.com>
Date: Tue Oct 29 12:37:36 2002
I am trying to figure out what is going on with my LAN. I have an iptables
firewall/router script running on non-GUI-based Red Hat 7.2 and a Win XP box
LANed to it.
The 193.109.122.5 IP probed me from 22:12 to 22:16. After that probe the
following started to happen: 68.13.184.1 and 0.0.0.0 log entries every 30
seconds until I reboot the box. The 193.109.122.5 IP resolves to
proxyscan.undernet.org. I am connected to IRC. I am wondering if Undernet
is proxy scanning its users or is something else going on that I should be
worried about.
This is happening every night.
I need to learn to read my logs better, I am sure!
Here are the log entries:
Oct 27 22:16:11 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT=
MAC=00:04:5a:56:b0:27:00:30:b8:02:24:30:08:00 SRC=193.109.122.5
DST=68.99.10.106 LEN=60 TOS=0x00 PREC=0x00 TTL=246 ID=62098 DF PROTO=TCP
SPT=3545 DPT=8000 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 27 22:16:14 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT=
MAC=00:04:5a:56:b0:27:00:30:b8:02:24:30:08:00 SRC=193.109.122.5
DST=68.99.10.106 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=62318 DF PROTO=TCP
SPT=3545 DPT=8000 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 27 22:16:17 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT=
MAC=00:04:5a:56:b0:27:00:30:b8:02:24:30:08:00 SRC=193.109.122.5
DST=68.99.10.106 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=62516 DF PROTO=TCP
SPT=3545 DPT=8000 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 27 22:16:20 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT=
MAC=00:04:5a:56:b0:27:00:30:b8:02:24:30:08:00 SRC=193.109.122.5
DST=68.99.10.106 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=62746 DF PROTO=TCP
SPT=3545 DPT=8000 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 27 22:16:26 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT=
MAC=00:04:5a:56:b0:27:00:30:b8:02:24:30:08:00 SRC=193.109.122.5
DST=68.99.10.106 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=63196 DF PROTO=TCP
SPT=3545 DPT=8000 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 27 22:20:09 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT=
MAC=ff:ff:ff:ff:ff:ff:00:30:b8:02:24:30:08:00 SRC=68.13.184.1
DST=255.255.255.255 LEN=318 TOS=0x00 PREC=0x00 TTL=255 ID=53326 PROTO=UDP
SPT=67 DPT=68 LEN=298
Oct 27 22:20:09 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT=
MAC=ff:ff:ff:ff:ff:ff:00:30:b8:02:24:30:08:00 SRC=68.13.184.1
DST=255.255.255.255 LEN=318 TOS=0x00 PREC=0x00 TTL=255 ID=53336 PROTO=UDP
SPT=67 DPT=68 LEN=298
Oct 27 22:20:09 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT=
MAC=ff:ff:ff:ff:ff:ff:00:30:b8:02:24:30:08:00 SRC=68.13.184.1
DST=255.255.255.255 LEN=318 TOS=0x00 PREC=0x00 TTL=255 ID=53341 PROTO=UDP
SPT=67 DPT=68 LEN=298
Oct 27 22:20:09 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT=
MAC=ff:ff:ff:ff:ff:ff:00:30:b8:02:24:30:08:00 SRC=0.0.0.0
DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=53349 PROTO=UDP
SPT=67 DPT=68 LEN=308
Oct 27 22:20:23 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT=
MAC=ff:ff:ff:ff:ff:ff:00:30:b8:02:24:30:08:00 SRC=68.13.180.1
DST=255.255.255.255 LEN=318 TOS=0x00 PREC=0x00 TTL=255 ID=53987 PROTO=UDP
SPT=67 DPT=68 LEN=298
Oct 27 22:20:39 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT=
MAC=ff:ff:ff:ff:ff:ff:00:30:b8:02:24:30:08:00 SRC=68.13.184.1
DST=255.255.255.255 LEN=318 TOS=0x00 PREC=0x00 TTL=255 ID=54798 PROTO=UDP
SPT=67 DPT=68 LEN=298
Oct 27 22:20:39 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT=
MAC=ff:ff:ff:ff:ff:ff:00:30:b8:02:24:30:08:00 SRC=0.0.0.0
DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=54806 PROTO=UDP
SPT=67 DPT=68 LEN=308
Oct 27 22:21:09 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT=
MAC=ff:ff:ff:ff:ff:ff:00:30:b8:02:24:30:08:00 SRC=68.13.184.1
DST=255.255.255.255 LEN=318 TOS=0x00 PREC=0x00 TTL=255 ID=56316 PROTO=UDP
SPT=67 DPT=68 LEN=298
Oct 27 22:21:09 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT=
MAC=ff:ff:ff:ff:ff:ff:00:30:b8:02:24:30:08:00 SRC=0.0.0.0
DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=56324 PROTO=UDP
SPT=67 DPT=68 LEN=308
Oct 27 22:21:39 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT=
MAC=ff:ff:ff:ff:ff:ff:00:30:b8:02:24:30:08:00 SRC=68.13.184.1
DST=255.255.255.255 LEN=318 TOS=0x00 PREC=0x00 TTL=255 ID=57845 PROTO=UDP
SPT=67 DPT=68 LEN=298
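
Added example (not part of the original message): one way to read entries in this Netfilter LOG format is to re-join the mail-wrapped lines, split each entry into its KEY=VALUE fields and bare flags, and count entries by source and traffic type. The function names and the SAMPLE constant are hypothetical; the sample entries are copied from the log above and re-joined onto one line each, and the "Netfilter:" log prefix is assumed to be present as it is in the post.

```python
import re
from collections import Counter

# Sample input: four entries copied from the post above, each re-joined onto one line.
SAMPLE = """\
Oct 27 22:16:11 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT= MAC=00:04:5a:56:b0:27:00:30:b8:02:24:30:08:00 SRC=193.109.122.5 DST=68.99.10.106 LEN=60 TOS=0x00 PREC=0x00 TTL=246 ID=62098 DF PROTO=TCP SPT=3545 DPT=8000 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 27 22:16:14 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT= MAC=00:04:5a:56:b0:27:00:30:b8:02:24:30:08:00 SRC=193.109.122.5 DST=68.99.10.106 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=62318 DF PROTO=TCP SPT=3545 DPT=8000 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 27 22:20:09 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:b8:02:24:30:08:00 SRC=68.13.184.1 DST=255.255.255.255 LEN=318 TOS=0x00 PREC=0x00 TTL=255 ID=53326 PROTO=UDP SPT=67 DPT=68 LEN=298
Oct 27 22:20:09 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:b8:02:24:30:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=53349 PROTO=UDP SPT=67 DPT=68 LEN=308
"""

# A syslog timestamp ("Oct 27 22:16:11 ") marks the start of a new entry.
ENTRY_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")

def parse(text):
    """Re-join wrapped entries, then split each into fields and bare flags."""
    entries = []
    for line in text.splitlines():
        if ENTRY_START.match(line):
            entries.append(line.strip())
        elif entries and line.strip():
            entries[-1] += " " + line.strip()      # continuation of a wrapped entry
    parsed = []
    for entry in entries:
        tokens = entry.split("Netfilter:", 1)[-1].split()
        # UDP entries carry LEN twice (IP length, then UDP length); the last one wins.
        fields = dict(t.split("=", 1) for t in tokens if "=" in t)
        fields["FLAGS"] = {t for t in tokens if "=" not in t}   # e.g. DF, SYN
        parsed.append(fields)
    return parsed

def classify(f):
    """Label an entry by protocol, ports and TCP flags only."""
    if f.get("PROTO") == "UDP" and (f.get("SPT"), f.get("DPT")) == ("67", "68"):
        return "UDP from BOOTP/DHCP server port 67 to client port 68"
    if f.get("PROTO") == "TCP" and "SYN" in f["FLAGS"] and "ACK" not in f["FLAGS"]:
        # Same source port on every entry means one attempt being retransmitted.
        return "TCP SYN %s->%s" % (f.get("SPT"), f.get("DPT"))
    return "other"

def summarize(text):
    """Count entries per (source address, label)."""
    return Counter((f.get("SRC"), classify(f)) for f in parse(text))

if __name__ == "__main__":
    for (src, label), count in summarize(SAMPLE).items():
        print(f"{count:3d}  {src:15s}  {label}")
```
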