Firewall logs
Kurt Kessler
kessler2k at yahoo.com
Thu Apr 10 04:13:12 CDT 2003
Lately i have been getting a shitload of alerts from
my firewall. and it always seems to be the same Ip
that its coming from. this has been happening for
about two days now. either im completely
misinterpreting these logs, or someone is very
persistent. now, before i jump to conclusions, can
anyone give me their opinion on whether this is
harmless or if they think this should be reported or
'other'? getting these constant emails about security
alerts is starting to get annoying. Here is what i
have:
Wed, 04/09/2003 17:06:02 - TCP connection dropped -
Source:68.63.4.110, 1288, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 17:08:32 - TCP connection dropped -
Source:68.63.4.110, 1319, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 17:10:11 - TCP connection dropped -
Source:68.63.4.110, 1344, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 17:14:25 - TCP connection dropped -
Source:68.63.4.110, 1419, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 17:15:55 - TCP connection dropped -
Source:68.63.4.110, 1444, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 17:19:28 - TCP connection dropped -
Source:68.63.4.110, 1519, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 17:25:13 - TCP connection dropped -
Source:68.63.4.110, 1597, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 17:25:48 - UDP packet dropped -
Source:165.200.87.204, 1386, WAN -
Destination:68.86.46.178, 1434, LAN - 'Suspicious UDP
Data'
Wed, 04/09/2003 17:30:13 - TCP connection dropped -
Source:68.63.4.110, 1673, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 17:33:56 - TCP connection dropped -
Source:200.65.168.23, 21026, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 17:34:49 - TCP connection dropped -
Source:68.63.4.110, 1776, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 17:38:00 - TCP connection dropped -
Source:68.38.198.29, 4997, WAN -
Destination:68.86.46.178, 80, LAN - 'WEB'
Wed, 04/09/2003 17:38:33 - TCP connection dropped -
Source:160.79.200.2, 3720, WAN -
Destination:68.86.46.178, 445, LAN - 'SMB'
Wed, 04/09/2003 17:38:55 - TCP connection dropped -
Source:68.63.4.110, 1844, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 17:40:36 - TCP connection dropped -
Source:68.63.4.110, 1875, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 17:42:19 - TCP connection dropped -
Source:68.63.4.110, 1913, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 17:48:23 - TCP connection dropped -
Source:68.63.4.110, 2031, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 17:49:15 - TCP connection dropped -
Source:172.193.157.189, 1387, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 17:52:42 - TCP connection dropped -
Source:68.63.4.110, 2098, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 17:54:08 - TCP connection dropped -
Source:68.63.4.110, 2129, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 17:55:55 - TCP connection dropped -
Source:68.63.4.110, 2169, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 17:59:03 - TCP connection dropped -
Source:68.63.4.110, 2234, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 18:02:35 - TCP connection dropped -
Source:68.63.4.110, 2305, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 18:04:05 - TCP connection dropped -
Source:68.63.4.110, 2341, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 18:06:29 - TCP connection dropped -
Source:68.63.4.110, 2387, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 18:09:46 - TCP connection dropped -
Source:68.63.4.110, 2411, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 18:11:49 - UDP packet dropped -
Source:128.11.156.210, 1144, WAN -
Destination:68.86.46.178, 1434, LAN - 'Suspicious UDP
Data'
Wed, 04/09/2003 18:12:32 - TCP connection dropped -
Source:68.63.4.110, 2459, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 18:13:56 - TCP connection dropped -
Source:68.86.33.226, 4569, WAN -
Destination:68.86.46.178, 80, LAN - 'WEB'
Wed, 04/09/2003 18:16:26 - UDP packet dropped -
Source:61.136.176.5, 1041, WAN -
Destination:68.86.46.178, 1434, LAN - 'Suspicious UDP
Data'
Wed, 04/09/2003 18:17:43 - TCP connection dropped -
Source:61.127.75.91, 1775, WAN -
Destination:68.86.46.178, 445, LAN - 'SMB'
Wed, 04/09/2003 18:18:08 - TCP connection dropped -
Source:68.63.4.110, 2514, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 18:19:27 - TCP connection dropped -
Source:68.63.4.110, 2541, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 18:19:49 - UDP packet dropped -
Source:213.174.174.167, 1058, WAN -
Destination:68.86.46.178, 1434, LAN - 'Suspicious UDP
Data'
Wed, 04/09/2003 18:24:11 - TCP connection dropped -
Source:68.63.4.110, 2634, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 18:27:49 - TCP connection dropped -
Source:68.63.4.110, 2736, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 18:32:59 - TCP connection dropped -
Source:81.101.153.154, 3823, WAN -
Destination:68.86.46.178, 445, LAN - 'SMB'
Wed, 04/09/2003 18:33:37 - TCP connection dropped -
Source:68.86.172.218, 2004, WAN -
Destination:68.86.46.178, 80, LAN - 'WEB'
Wed, 04/09/2003 18:35:30 - TCP connection dropped -
Source:68.63.4.110, 2894, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 18:37:56 - TCP connection dropped -
Source:68.63.4.110, 2961, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 18:39:53 - TCP connection dropped -
Source:68.63.4.110, 3009, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 18:42:15 - TCP connection dropped -
Source:68.63.4.110, 3056, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 18:46:08 - TCP connection dropped -
Source:68.63.4.110, 3140, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 18:47:53 - TCP connection dropped -
Source:68.63.4.110, 3184, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 18:49:40 - TCP connection dropped -
Source:68.63.4.110, 3225, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 18:50:21 - TCP connection dropped -
Source:68.86.172.218, 4269, WAN -
Destination:68.86.46.178, 80, LAN - 'WEB'
Wed, 04/09/2003 18:51:16 - TCP connection dropped -
Source:68.63.4.110, 3261, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 18:53:15 - TCP connection dropped -
Source:68.63.4.110, 3304, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 18:55:12 - TCP connection dropped -
Source:68.63.4.110, 3344, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 18:57:09 - TCP connection dropped -
Source:68.63.4.110, 3376, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 18:57:40 - TCP connection dropped -
Source:68.86.60.144, 1706, WAN -
Destination:68.86.46.178, 27374, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 18:60:27 - TCP connection dropped -
Source:68.63.4.110, 3412, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 19:07:18 - TCP connection dropped -
Source:68.63.4.110, 3466, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 19:11:08 - TCP connection dropped -
Source:68.63.4.110, 3509, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 19:12:32 - TCP connection dropped -
Source:68.63.4.110, 3537, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 19:16:44 - TCP connection dropped -
Source:68.63.4.110, 3579, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 19:18:23 - TCP connection dropped -
Source:68.63.4.110, 3609, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 19:19:45 - TCP connection dropped -
Source:68.63.4.110, 3638, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 19:23:04 - TCP connection dropped -
Source:68.63.4.110, 3673, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 19:24:59 - TCP connection dropped -
Source:68.63.4.110, 3706, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 19:27:33 - TCP connection dropped -
Source:68.63.4.110, 3757, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 19:28:51 - TCP connection dropped -
Source:68.86.60.144, 3347, WAN -
Destination:68.86.46.178, 1237, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 19:29:31 - TCP connection dropped -
Source:68.63.4.110, 3800, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 19:31:39 - TCP connection dropped -
Source:68.63.4.110, 3842, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 19:35:12 - TCP connection dropped -
Source:68.63.4.110, 3905, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 19:38:35 - TCP connection dropped -
Source:68.63.4.110, 3948, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 19:40:23 - TCP connection dropped -
Source:68.63.4.110, 3984, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 19:46:33 - TCP connection dropped -
Source:68.63.4.110, 4081, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 19:48:47 - TCP connection dropped -
Source:68.63.4.110, 4131, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 19:50:55 - TCP connection dropped -
Source:68.63.4.110, 4180, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 19:53:05 - TCP connection dropped -
Source:68.63.4.110, 4234, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 19:56:48 - TCP connection dropped -
Source:68.63.4.110, 4332, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 19:58:15 - TCP connection dropped -
Source:68.63.4.110, 4369, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 20:02:27 - TCP connection dropped -
Source:68.63.4.110, 4490, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 20:04:32 - TCP connection dropped -
Source:68.63.4.110, 4547, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 20:08:36 - TCP connection dropped -
Source:68.63.4.110, 4662, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 20:10:19 - TCP connection dropped -
Source:68.63.4.110, 4702, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 20:12:40 - TCP connection dropped -
Source:68.86.223.10, 1355, WAN -
Destination:68.86.46.178, 80, LAN - 'WEB'
Wed, 04/09/2003 20:13:07 - TCP connection dropped -
Source:68.63.4.110, 4780, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 20:14:31 - TCP connection dropped -
Source:68.63.4.110, 4809, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 20:17:13 - TCP connection dropped -
Source:68.63.4.110, 4860, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 20:17:52 - TCP connection dropped -
Source:209.179.52.107, 6699, WAN -
Destination:68.86.46.178, 18457, LAN - 'Possible Port
Scan'
Wed, 04/09/2003 20:18:33 - TCP connection dropped -
Source:68.63.4.110, 4900, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 20:20:36 - TCP connection dropped -
Source:68.63.4.110, 4934, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 20:22:00 - TCP connection dropped -
Source:68.63.4.110, 4971, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 20:23:26 - TCP connection dropped -
Source:68.63.4.110, 1037, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 20:26:35 - TCP connection dropped -
Source:68.63.4.110, 1104, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 20:27:01 - TCP connection dropped -
Source:68.86.223.10, 2817, WAN -
Destination:68.86.46.178, 80, LAN - 'WEB'
Wed, 04/09/2003 20:27:59 - TCP connection dropped -
Source:68.63.4.110, 1132, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 20:28:15 - TCP connection dropped -
Source:209.179.52.107, 6699, WAN -
Destination:68.86.46.178, 18460, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 20:29:19 - TCP connection dropped -
Source:68.63.4.110, 1161, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 20:31:57 - TCP connection dropped -
Source:68.63.4.110, 1218, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 20:33:17 - TCP connection dropped -
Source:68.63.4.110, 1251, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 20:33:23 - TCP connection dropped -
Source:68.116.136.131, 4345, WAN -
Destination:68.86.46.178, 80, LAN - 'WEB'
Wed, 04/09/2003 20:38:53 - TCP connection dropped -
Source:68.86.223.10, 4069, WAN -
Destination:68.86.46.178, 80, LAN - 'WEB'
Wed, 04/09/2003 20:39:43 - TCP connection dropped -
Source:68.63.4.110, 1394, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 20:45:44 - TCP connection dropped -
Source:68.63.4.110, 1554, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 20:47:35 - TCP connection dropped -
Source:68.63.4.110, 1607, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 20:49:15 - TCP connection dropped -
Source:68.63.4.110, 1653, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 20:52:23 - TCP connection dropped -
Source:68.63.4.110, 1740, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 20:53:46 - TCP connection dropped -
Source:68.63.4.110, 1780, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 20:56:11 - TCP connection dropped -
Source:68.63.4.110, 1837, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 20:60:06 - TCP connection dropped -
Source:68.63.4.110, 1948, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 21:01:43 - TCP connection dropped -
Source:68.63.4.110, 1985, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 21:03:24 - TCP connection dropped -
Source:68.63.4.110, 2026, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 21:05:03 - TCP connection dropped -
Source:68.63.4.110, 2068, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 21:07:06 - TCP connection dropped -
Source:68.63.4.110, 2128, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 21:09:13 - TCP connection dropped -
Source:68.63.4.110, 2187, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 21:12:44 - TCP connection dropped -
Source:68.63.4.110, 2273, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 21:17:36 - TCP connection dropped -
Source:68.63.4.110, 2357, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 21:21:03 - TCP connection dropped -
Source:68.63.4.110, 2447, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 21:22:15 - UDP packet dropped -
Source:12.235.19.62, 4203, WAN -
Destination:68.86.46.178, 135, LAN - 'Possible Port
Scan'
Wed, 04/09/2003 21:22:35 - TCP connection dropped -
Source:68.63.4.110, 2488, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 21:33:33 - TCP connection dropped -
Source:68.63.4.110, 2594, WAN -
Destination:68.86.46.178, 3150, LAN - 'Suspicious TCP
Data'
Wed, 04/09/2003 21:35:06 - �MÀ™
__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - File online, calculators, forms, and more
http://tax.yahoo.com
More information about the Kclug
mailing list