Firewall Wizards mailing list archives
What is my firewall trying to tell me?
From: "ross" <ross19 () cox net>
Date: Tue, 29 Oct 2002 11:14:20 -0600
I am trying to figure out what is going on with my LAN. I have an iptables firewall/router script running on non-GUI based Red Hat 7.2 and a Win XP box LANed to it. The 193.109.122.5 IP probed me from 22:12 to 22:16. After that probe the following started to happen: 68.13.184.1 and 0.0.0.0 log entries every 30 seconds until I reboot the box. The 193.109.122.5 IP resolves to proxyscan.undernet.org. I am connected to IRC. I am wondering if Undernet is proxy scanning its users or is something else going on that I should be worried about. This is happening every night. I need to learn to read my logs better, I am sure! Here are the log entries:

Oct 27 22:16:11 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT= MAC=00:04:5a:56:b0:27:00:30:b8:02:24:30:08:00 SRC=193.109.122.5 DST=68.99.10.106 LEN=60 TOS=0x00 PREC=0x00 TTL=246 ID=62098 DF PROTO=TCP SPT=3545 DPT=8000 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 27 22:16:14 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT= MAC=00:04:5a:56:b0:27:00:30:b8:02:24:30:08:00 SRC=193.109.122.5 DST=68.99.10.106 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=62318 DF PROTO=TCP SPT=3545 DPT=8000 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 27 22:16:17 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT= MAC=00:04:5a:56:b0:27:00:30:b8:02:24:30:08:00 SRC=193.109.122.5 DST=68.99.10.106 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=62516 DF PROTO=TCP SPT=3545 DPT=8000 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 27 22:16:20 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT= MAC=00:04:5a:56:b0:27:00:30:b8:02:24:30:08:00 SRC=193.109.122.5 DST=68.99.10.106 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=62746 DF PROTO=TCP SPT=3545 DPT=8000 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 27 22:16:26 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT= MAC=00:04:5a:56:b0:27:00:30:b8:02:24:30:08:00 SRC=193.109.122.5 DST=68.99.10.106 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=63196 DF PROTO=TCP SPT=3545 DPT=8000 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 27 22:20:09 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:b8:02:24:30:08:00 SRC=68.13.184.1 DST=255.255.255.255 LEN=318 TOS=0x00 PREC=0x00 TTL=255 ID=53326 PROTO=UDP SPT=67 DPT=68 LEN=298
Oct 27 22:20:09 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:b8:02:24:30:08:00 SRC=68.13.184.1 DST=255.255.255.255 LEN=318 TOS=0x00 PREC=0x00 TTL=255 ID=53336 PROTO=UDP SPT=67 DPT=68 LEN=298
Oct 27 22:20:09 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:b8:02:24:30:08:00 SRC=68.13.184.1 DST=255.255.255.255 LEN=318 TOS=0x00 PREC=0x00 TTL=255 ID=53341 PROTO=UDP SPT=67 DPT=68 LEN=298
Oct 27 22:20:09 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:b8:02:24:30:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=53349 PROTO=UDP SPT=67 DPT=68 LEN=308
Oct 27 22:20:23 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:b8:02:24:30:08:00 SRC=68.13.180.1 DST=255.255.255.255 LEN=318 TOS=0x00 PREC=0x00 TTL=255 ID=53987 PROTO=UDP SPT=67 DPT=68 LEN=298
Oct 27 22:20:39 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:b8:02:24:30:08:00 SRC=68.13.184.1 DST=255.255.255.255 LEN=318 TOS=0x00 PREC=0x00 TTL=255 ID=54798 PROTO=UDP SPT=67 DPT=68 LEN=298
Oct 27 22:20:39 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:b8:02:24:30:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=54806 PROTO=UDP SPT=67 DPT=68 LEN=308
Oct 27 22:21:09 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:b8:02:24:30:08:00 SRC=68.13.184.1 DST=255.255.255.255 LEN=318 TOS=0x00 PREC=0x00 TTL=255 ID=56316 PROTO=UDP SPT=67 DPT=68 LEN=298
Oct 27 22:21:09 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:b8:02:24:30:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=56324 PROTO=UDP SPT=67 DPT=68 LEN=308
Oct 27 22:21:39 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:b8:02:24:30:08:00 SRC=68.13.184.1 DST=255.255.255.255 LEN=318 TOS=0x00 PREC=0x00 TTL=255 ID=57845 PROTO=UDP SPT=67 DPT=68 LEN=298

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
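
A small parser for the Netfilter LOG lines quoted in the message above, added here as an example and not part of the original post: it groups entries by source address and by what the protocol, port and flag fields say. The function names and labels are this example's own; the sample input is four entries copied from the post.

```python
import re
from collections import defaultdict

# Sample input: four entries copied from the post above.
SAMPLE = """\
Oct 27 22:16:11 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT= MAC=00:04:5a:56:b0:27:00:30:b8:02:24:30:08:00 SRC=193.109.122.5 DST=68.99.10.106 LEN=60 TOS=0x00 PREC=0x00 TTL=246 ID=62098 DF PROTO=TCP SPT=3545 DPT=8000 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 27 22:16:14 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT= MAC=00:04:5a:56:b0:27:00:30:b8:02:24:30:08:00 SRC=193.109.122.5 DST=68.99.10.106 LEN=44 TOS=0x00 PREC=0x00 TTL=246 ID=62318 DF PROTO=TCP SPT=3545 DPT=8000 WINDOW=65535 RES=0x00 SYN URGP=0
Oct 27 22:20:09 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:b8:02:24:30:08:00 SRC=68.13.184.1 DST=255.255.255.255 LEN=318 TOS=0x00 PREC=0x00 TTL=255 ID=53326 PROTO=UDP SPT=67 DPT=68 LEN=298
Oct 27 22:20:09 ip68-99-10-106 kernel: Netfilter: IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:30:b8:02:24:30:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=255 ID=53349 PROTO=UDP SPT=67 DPT=68 LEN=308
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse(line):
    """Split one Netfilter LOG line into KEY=value fields plus bare flag tokens."""
    head, _, body = line.partition("IN=")
    body = "IN=" + body
    entry = {"time": " ".join(head.split()[:3])}
    for key, value in FIELD.findall(body):
        entry.setdefault(key, value)  # keep the first LEN (IP length); UDP logs a second one
    entry["flags"] = [tok for tok in body.split() if "=" not in tok]  # e.g. DF, SYN
    return entry

def classify(e):
    """Describe an entry from its protocol and port fields (labels are this example's own)."""
    if e["PROTO"] == "UDP" and (e["SPT"], e["DPT"]) == ("67", "68"):
        kind = "broadcast" if e["DST"] == "255.255.255.255" else "unicast"
        return "DHCP/BOOTP server-to-client " + kind
    if e["PROTO"] == "TCP" and "SYN" in e["flags"] and "ACK" not in e["flags"]:
        # A repeated SYN with the same source port is a retry of one connection attempt.
        return "TCP SYN to port %s from source port %s" % (e["DPT"], e["SPT"])
    return "other " + e["PROTO"]

def summarize(text):
    """Group log lines by (source address, description) and collect their timestamps."""
    groups = defaultdict(list)
    for line in text.splitlines():
        if "IN=" in line:
            e = parse(line)
            groups[(e["SRC"], classify(e))].append(e["time"])
    return dict(groups)

if __name__ == "__main__":
    for (src, what), times in summarize(SAMPLE).items():
        print("%-15s %-45s x%d  %s .. %s" % (src, what, len(times), times[0], times[-1]))
```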