Security Basics mailing list archives

Re: Firewall log help

From: fnfspam () yahoo dk
Date: 8 Jun 2005 09:06:16 -0000

These are responses from a web server to a (spoofed?) web client:
---
2005/06/06,08:14:04,-10:00, 
!well, the date ;-)
61.145.10.48,
!responding host
80,
!his source is 'your' destination: www
206.126.x.x,
!your IP (you knew that ;-)
25619, 
!his destination is 'your' source: >1023
TCP (flags:AS),
!correct me if I'm wrong, but I recall it's Syn/Ack. This further shows this packet is a respons from an Ack you 
supposely (sp?)send
1
!nr of packets
---
As the firewall is dropping these packets, either the NAT-timers on your firewall are set to low or your address is 
being spoofed (a bit more likely).
Not much you can do about it (appart from blocking Chinese ip-address).

Current thread:

Firewall log help Michael Painter (Jun 06)
- Re: Firewall log help Michael Painter (Jun 06)
- <Possible follow-ups>
- Re: Firewall log help fnfspam (Jun 08)