Firewall logs

admin at kclinux.net
Thu Apr 10 04:34:57 CDT 2003


I had those same errors one time with a certain router that I used, some
el-cheapo one.  When I replaced it with the LinkSys one I have now, I don’t
see those errors any more.  I thought my router was fluking out.  Is your
box on a router? 

-----Original Message-----
From: owner-kclug at marauder.illiana.net
[mailto:owner-kclug at marauder.illiana.net] On Behalf Of Kurt Kessler
Sent: Wednesday, April 09, 2003 11:13 PM
To: kclug at kclug.org
Subject: Firewall logs

Lately I have been getting a shitload of alerts from
my firewall, and it always seems to be the same IP
that it's coming from. This has been happening for
about two days now. Either I'm completely
misinterpreting these logs, or someone is very
persistent. Now, before I jump to conclusions, can
anyone give me their opinion on whether this is
harmless or if they think this should be reported or
'other'? Getting these constant emails about security
alerts is starting to get annoying. Here is what I
have:


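A triage sketch for router alerts in the format posted in this thread, added here as an example and not part of either poster's message: it splits entries that the e-mail wrapped and ran together, tolerates a minutes field of 60 and a truncated final entry, and groups drops by source, protocol and destination port. The sample entries and addresses are constructed, and the function names are this example's own.

```python
import re
from collections import defaultdict
from statistics import median

# Constructed sample in the router's alert format, with entries wrapped and run
# together the way an e-mailed log arrives. Addresses are documentation ranges.
SAMPLE = """Wed, 04/09/2003 18:55:12 - TCP connection dropped - Source:198.51.100.7,
3344, WAN - Destination:203.0.113.20, 3150, LAN - 'Suspicious TCP Data' Wed,
04/09/2003 18:57:09 - TCP connection dropped - Source:198.51.100.7, 3376, WAN
- Destination:203.0.113.20, 3150, LAN - 'Suspicious TCP Data' Wed, 04/09/2003
18:57:40 - UDP packet dropped - Source:192.0.2.99, 1144, WAN -
Destination:203.0.113.20, 1434, LAN - 'Suspicious UDP Data' Wed, 04/09/2003
18:60:27 - TCP connection dropped - Source:198.51.100.7, 3412, WAN -
Destination:203.0.113.20, 3150, LAN - 'Suspicious TCP Data' Wed, 04/09/2003
19:02:30 - TCP connection dropped - Source:198.51.100.7, 3466, WAN -
Destination:203.0.113.20, 3150, LAN - 'Suspicious TCP Data' Wed, 04/09/2003
19:03:01 - MA"""

ENTRY = re.compile(
    r"(\d\d)/(\d\d)/(\d{4})\s+(\d\d):(\d\d):(\d\d)\s+-\s+"
    r"(TCP|UDP)\s+(?:connection|packet)\s+dropped\s+-\s+"
    r"Source:([\d.]+),\s*(\d+),\s*WAN\s+-\s+"
    r"Destination:([\d.]+),\s*(\d+),\s*LAN\s+-\s+'([^']*)'"
)

def parse(text):
    """Return one dict per complete entry; a truncated tail is skipped."""
    events = []
    for m in ENTRY.finditer(text):
        mo, d, y, hh, mm, ss, proto, src, _sport, _dst, dport, label = m.groups()
        # Seconds since midnight by arithmetic, so a minutes field of 60
        # (e.g. 18:60:27) becomes 19:00:27 instead of failing strptime().
        t = int(hh) * 3600 + int(mm) * 60 + int(ss)
        events.append({"day": f"{y}-{mo}-{d}", "t": t, "proto": proto, "src": src,
                       "dport": int(dport), "label": " ".join(label.split())})
    return events

def summarize(events):
    """Hits and median gap per (source, proto, dest port); one day's log assumed."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["src"], e["proto"], e["dport"])].append(e["t"])
    rows = []
    for (src, proto, dport), times in groups.items():
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        rows.append((src, proto, dport, len(times), median(gaps) if gaps else None))
    return sorted(rows, key=lambda r: -r[3])

if __name__ == "__main__":
    for src, proto, dport, n, gap in summarize(parse(SAMPLE)):
        print(f"{src:15} {proto}/{dport:<5} hits={n:<3} median_gap_s={gap}")
```

A single source with many hits on one destination port at a steady gap of a minute or two is the pattern to look for before deciding whether the alerts are worth reporting or filtering from the e-mail notifications.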