Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Questions regarding our firewall log

Status
Not open for further replies.
Gersen

Gersen

Technical User
Jun 11, 2002
99
US
We are having some problems with Internet access from our business DSL connection. I am going through the firewall logs, but am having problems telling what's occuring, not being tremendously experienced in TCP troubleshooting. There are 3 portions of our firewall log included below, and I was hoping someone could point out any problems they see. To my eye, the first excerpt below looks like a DOS attack?

The other segments show some traffic I can't identify, like "IP ICMP type (8) code (0) received" or "IP ICMP type (3) code (3) received", and those don't mean anything to me, except maybe as incoming pings? And what is "ICMP type (3) code (13)(SIP discarded)" ?

Also there's some blocked traffic going outbound, and I believe the ones to port 5190 are IM traffic, and the port 443 may be MSN messenger.

Anything you can tell me about how to interpret these log segments, or where to find more info on how to do so, would be appreciated.

Gersen

------


2003-11-14-11:22:28 IP discard from 67.36.98.138 port 2977 to XXX,XXX,XXX,XXX port 445 TCP SYN (default)
2003-11-14-11:22:28 IP discard from 67.36.98.138 port 2973 to XXX,XXX,XXX,XXX port 445 TCP SYN (default)
2003-11-14-11:22:28 IP discard from 67.36.98.138 port 2971 to XXX,XXX,XXX,XXX port 445 TCP SYN (default)
2003-11-14-11:22:28 IP discard from 67.36.98.138 port 2970 to XXX,XXX,XXX,XXX port 445 TCP SYN (default)
2003-11-14-11:22:28 IP discard from 67.36.98.138 port 2969 to XXX,XXX,XXX,XXX port 445 TCP SYN (default)
2003-11-14-11:22:28 IP discard from 67.36.98.138 port 2968 to XXX,XXX,XXX,XXX port 445 TCP SYN (default)
2003-11-14-11:22:28 IP discard from 67.36.98.138 port 2967 to XXX,XXX,XXX,XXX port 445 TCP SYN (default)
2003-11-14-11:22:28 IP discard from 67.36.98.138 port 2966 to XXX,XXX,XXX,XXX port 445 TCP SYN (default)
2003-11-14-11:22:28 IP discard from 67.36.98.138 port 2965 to XXX,XXX,XXX,XXX port 445 TCP SYN (default)
2003-11-14-11:22:22 IP discard from 67.36.98.138 port 2977 to XXX,XXX,XXX,XXX port 445 TCP SYN (default)
2003-11-14-11:22:22 IP discard from 67.36.98.138 port 2973 to XXX,XXX,XXX,XXX port 445 TCP SYN (default)
2003-11-14-11:22:22 IP discard from 67.36.98.138 port 2971 to XXX,XXX,XXX,XXX port 445 TCP SYN (default)
2003-11-14-11:22:22 IP discard from 67.36.98.138 port 2970 to XXX,XXX,XXX,XXX port 445 TCP SYN (default)
2003-11-14-11:22:22 IP discard from 67.36.98.138 port 2969 to XXX,XXX,XXX,XXX port 445 TCP SYN (default)
2003-11-14-11:22:22 IP discard from 67.36.98.138 port 2968 to XXX,XXX,XXX,XXX port 445 TCP SYN (default)
2003-11-14-11:22:22 IP discard from 67.36.98.138 port 2967 to XXX,XXX,XXX,XXX port 445 TCP SYN (default)
2003-11-14-11:22:22 IP discard from 67.36.98.138 port 2966 to XXX,XXX,XXX,XXX port 445 TCP SYN (default)
2003-11-14-11:22:22 IP discard from 67.36.98.138 port 2965 to XXX,XXX,XXX,XXX port 445 TCP SYN (default)
2003-11-14-11:22:19 IP discard from 67.36.98.138 port 2977 to XXX,XXX,XXX,XXX port 445 TCP SYN (default)
2003-11-14-11:22:19 IP discard from 67.36.98.138 port 2973 to XXX,XXX,XXX,XXX port 445 TCP SYN (default)
2003-11-14-11:22:19 IP discard from 67.36.98.138 port 2971 to XXX,XXX,XXX,XXX port 445 TCP SYN (default)
2003-11-14-11:22:19 IP discard from 67.36.98.138 port 2970 to XXX,XXX,XXX,XXX port 445 TCP SYN (default)
2003-11-14-11:22:19 IP discard from 67.36.98.138 port 2969 to XXX,XXX,XXX,XXX port 445 TCP SYN (default)
2003-11-14-11:22:19 IP discard from 67.36.98.138 port 2968 to XXX,XXX,XXX,XXX port 445 TCP SYN (default)
2003-11-14-11:22:19 IP discard from 67.36.98.138 port 2967 to XXX,XXX,XXX,XXX port 445 TCP SYN (default)
2003-11-14-11:22:19 IP discard from 67.36.98.138 port 2966 to XXX,XXX,XXX,XXX port 445 TCP SYN (default)
2003-11-14-11:22:19 IP discard from 67.36.98.138 port 2965 to XXX,XXX,XXX,XXX port 445 TCP SYN (default)




2003-11-14-11:39:33 MONITOR Administrator access allowed from 10.0.0.5
2003-11-14-11:39:20 IP ICMP type (8) code (0) received from 67.34.68.156
IP entry duplicated 2 times
2003-11-14-11:39:06 IP discard from 10.0.0.40 port 1464 to 65.54.225.241 port 443 TCP SYN (default)
IP entry duplicated 2 times
2003-11-14-11:38:45 IP discard from 10.0.0.40 port 1463 to 65.54.229.253 port 443 TCP SYN (default)
2003-11-14-11:38:36 IP ICMP type (8) code (0) received from 67.35.20.168
2003-11-14-11:38:33 IP discard from 10.0.0.40 port 1462 to 65.54.229.248 port 443 TCP SYN (default)
2003-11-14-11:38:32 MONITOR Administrator access allowed from 10.0.0.5
IP entry duplicated 1 times
2003-11-14-11:38:24 IP discard from 10.0.0.40 port 1462 to 65.54.229.248 port 443 TCP SYN (default)
IP entry duplicated 2 times
2003-11-14-11:38:13 IP discard from 10.0.0.40 port 1461 to 65.54.229.248 port 443 TCP SYN (default)
2003-11-14-11:38:10 IP ICMP type (8) code (0) received from 67.35.41.181
2003-11-14-11:38:04 IP discard from 10.0.0.20 port 2695 to 152.163.11.20 port 5190 TCP SYN (default)
2003-11-14-11:38:01 IP discard from 10.0.0.40 port 1455 to 65.54.228.253 port 443 TCP SYN (default)
2003-11-14-11:37:57 IP discard from 10.0.0.20 port 2695 to 152.163.11.30 port 5190 TCP SYN (default)
2003-11-14-11:37:55 IP discard from 10.0.0.40 port 1455 to 65.54.228.253 port 443 TCP SYN (default)

2003-11-14-11:37:34 IP ICMP type (8) code (0) received from 67.34.126.230
2003-11-14-11:37:31 IP discard from 10.0.0.40 port 1430 to 65.54.229.248 port 443 TCP SYN (default)
2003-11-14-11:37:31 MONITOR Administrator access allowed from 10.0.0.5
IP entry duplicated 1 times
2003-11-14-11:37:22 IP discard from 10.0.0.40 port 1430 to 65.54.229.248 port 443 TCP SYN (default)
IP entry duplicated 1 times
2003-11-14-11:37:08 IP discard from 10.0.0.40 port 1423 to 207.46.104.20 port 1863 TCP SYN (default)
2003-11-14-11:36:30 MONITOR Administrator access allowed from 10.0.0.5
2003-11-14-11:36:28 IP ICMP type (8) code (0) received from 67.36.1.12
2003-11-14-11:35:52 IP ICMP type (8) code (0) received from 67.36.157.164
2003-11-14-11:35:51 IP ICMP type (8) code (0) received from 67.36.98.139
IP entry duplicated 1 times

2003-11-14-11:35:30 IP ICMP type (8) code (0) received from 67.37.132.156
2003-11-14-11:35:29 MONITOR Administrator access allowed from 10.0.0.5
2003-11-14-11:35:28 IP discard from 10.0.0.40 port 1414 to 65.54.228.253 port 443 TCP SYN (default)
2003-11-14-11:35:27 IP ICMP type (8) code (0) received from 67.38.166.89
2003-11-14-11:35:25 IP discard from 10.0.0.20 port 2648 to 64.12.9.24 port 5190 TCP SYN (default)
2003-11-14-11:35:24 IP discard from 10.0.0.20 port 2653 to 152.163.11.30 port 5190 TCP SYN (default)
2003-11-14-11:35:22 IP discard from 10.0.0.40 port 1414 to 65.54.228.253 port 443 TCP SYN (default)
2003-11-14-11:35:22 IP ICMP type (8) code (0) received from 67.34.45.65

2003-11-14-11:35:16 IP discard from 10.0.0.20 port 2648 to 64.12.9.24 port 5190 TCP SYN (default)
IP entry duplicated 1 times
2003-11-14-11:35:09 IP discard from 10.0.0.40 port 1411 to 207.46.104.20 port 1863 TCP SYN (default)
IP entry duplicated 2 times
2003-11-14-11:34:41 IP discard from 10.0.0.40 port 1407 to 65.54.228.253 port 443 TCP SYN (default)
2003-11-14-11:34:29 IP discard from 10.0.0.40 port 1394 to 65.54.228.244 port 443 TCP SYN (default)
2003-11-14-11:34:29 MONITOR Administrator access allowed from 10.0.0.5
2003-11-14-11:34:27 IP ICMP type (8) code (0) received from 67.34.217.209
IP entry duplicated 1 times
2003-11-14-11:34:20 IP discard from 10.0.0.40 port 1394 to 65.54.228.244 port 443 TCP SYN (default)
IP entry duplicated 1 times
2003-11-14-11:34:00 IP ICMP type (8) code (0) received from 67.36.1.17
2003-11-14-11:33:55 IP ICMP type (8) code (0) received from 67.35.36.143
IP entry duplicated 1 times
2003-11-14-11:33:51 IP discard from 10.0.0.40 port 1387 to 207.46.104.20 port 1863 TCP SYN (default)
2003-11-14-11:33:36 IP ICMP type (8) code (0) received from 67.35.242.124
2003-11-14-11:33:28 MONITOR Administrator access allowed from 10.0.0.5
2003-11-14-11:33:25 IP allowed from 212.181.53.23 port 54323 to XXX,XXX,XXX,XXX port 4662 TCP SYN (Overnet)
IP entry duplicated 2 times
2003-11-14-11:33:17 IP allowed from 202.106.120.64 port 4763 to XXX,XXX,XXX,XXX port 4662 TCP SYN (Overnet)
2003-11-14-11:32:57 IP ICMP type (8) code (0) received from 67.36.1.16
IP entry duplicated 1 times
2003-11-14-11:32:45 IP discard from 64.109.246.168 port 2087 to XXX,XXX,XXX,XXX port 135 TCP SYN (default)
2003-11-14-11:32:39 IP ICMP type (8) code (0) received from 67.39.67.107
2003-11-14-11:32:29 IP ICMP type (8) code (0) received from 67.37.6.243
2003-11-14-11:32:18 MONITOR Administrator access allowed from 10.0.0.5
2003-11-14-11:31:53 IP ICMP type (8) code (0) received from 67.33.138.38
2003-11-14-11:31:30 CONFIG Config file updated
2003-11-14-11:31:12 IP ICMP type (8) code (0) received from 67.39.66.105
IP entry duplicated 1 times
2003-11-14-11:31:06 IP discard from 217.232.231.241 port 2168 to XXX,XXX,XXX,XXX port 1433 TCP SYN (default)
2003-11-14-11:30:52 MONITOR Administrator access allowed from 10.0.0.5
2003-11-14-11:30:25 IP ICMP type (8) code (0) received from 67.34.148.19
2003-11-14-11:29:53 IP ICMP type (8) code (0) received from 67.35.119.199
2003-11-14-11:29:43 IP allowed from 68.63.20.218 port 2615 to XXX,XXX,XXX,XXX port 25 TCP SYN (SMTP)
IP entry duplicated 3 times
2003-11-14-11:29:37 IP ICMP type (0) code (0) received from 67.38.100.27
2003-11-14-11:29:30 IP ICMP type (3) code (13) received from 68.22.103.18
2003-11-14-11:29:30 IP ICMP type (8) code (0) received from 67.35.50.20
IP entry duplicated 2 times
2003-11-14-11:29:27 IP ICMP type (3) code (13) received from 68.22.103.18
2003-11-14-11:29:26 IP discard from 67.37.162.190 to to XXX,XXX,XXX,XXX ICMP type (3) code (13)(SIP discarded)
2003-11-14-11:29:26 IP ICMP type (3) code (13) received from 67.37.162.190
2003-11-14-11:29:23 IP discard from 67.37.162.190 to to XXX,XXX,XXX,XXX ICMP type (3) code (13)(SIP discarded)
2003-11-14-11:29:23 IP ICMP type (3) code (13) received from 67.37.162.190
2003-11-14-11:29:19 IP ICMP type (8) code (0) received from 67.34.9.31
IP entry duplicated 3 times
2003-11-14-11:29:11 IP ICMP type (0) code (0) received from 67.36.128.26
IP entry duplicated 19 times
2003-11-14-11:28:32 IP ICMP type (0) code (0) received from 216.135.52.234
IP entry duplicated 3 times
2003-11-14-11:28:27 IP ICMP type (0) code (0) received from 67.36.98.138
2003-11-14-11:28:13 IP allowed from 68.59.108.226 port 4043 to XXX,XXX,XXX,XXX port 25 TCP SYN (SMTP)
2003-11-14-11:28:12 IP allowed from 65.35.69.26 port 3600 to XXX,XXX,XXX,XXX port 25 TCP SYN (SMTP)
2003-11-14-11:28:08 IP ICMP type (8) code (0) received from 67.36.1.19
2003-11-14-11:28:02 MONITOR Administrator access allowed from 10.0.0.5
2003-11-14-11:27:26 IP allowed from 64.12.138.18 port 56365 to XXX,XXX,XXX,XXX port 25 TCP SYN (SMTP)
2003-11-14-11:27:17 IP ICMP type (8) code (0) received from 67.37.85.65
2003-11-14-11:27:12 IP ICMP type (8) code (0) received from 67.34.53.243
2003-11-14-11:26:59 IP ICMP type (8) code (0) received from 67.39.236.23
2003-11-14-11:26:57 MONITOR Administrator access allowed from 10.0.0.5
2003-11-14-11:25:47 IP ICMP type (0) code (0) received from 216.135.52.234
2003-11-14-11:25:46 IP ICMP type (8) code (0) received from 67.37.6.74
IP entry duplicated 18 times
2003-11-14-11:25:21 IP ICMP type (0) code (0) received from 216.135.52.234


2003-11-14-11:46:12 MONITOR Administrator access allowed from 10.0.0.5
2003-11-14-11:46:05 IP allowed from 207.229.190.30 port 56310 to XXX,XXX,XXX,XXX port 25 TCP SYN (SMTP)
2003-11-14-11:46:05 IP discard from 69.6.50.232 to to XXX,XXX,XXX,XXX ICMP type (3) code (3)(SIP discarded)
2003-11-14-11:46:05 IP ICMP type (3) code (3) received from 69.6.50.232
2003-11-14-11:46:03 IP discard from 69.6.50.232 to to XXX,XXX,XXX,XXX ICMP type (3) code (3)(SIP discarded)
2003-11-14-11:46:03 IP ICMP type (3) code (3) received from 69.6.50.232
2003-11-14-11:46:02 IP discard from 69.6.50.232 to to XXX,XXX,XXX,XXX ICMP type (3) code (3)(SIP discarded)
2003-11-14-11:46:02 IP ICMP type (3) code (3) received from 69.6.50.232
IP entry duplicated 1 times
2003-11-14-11:45:56 IP allowed from 207.229.190.30 port 56310 to XXX,XXX,XXX,XXX port 25 TCP SYN (SMTP)
2003-11-14-11:45:56 IP ICMP type (8) code (0) received from 67.34.240.209
IP entry duplicated 4 times
2003-11-14-11:45:46 IP ICMP type (3) code (3) received from 67.38.100.27
2003-11-14-11:45:45 IP allowed from 69.6.50.232 port 51942 to XXX,XXX,XXX,XXX port 25 TCP SYN (SMTP)
2003-11-14-11:45:44 IP ICMP type (8) code (0) received from 67.36.60.156
2003-11-14-11:45:41 IP allowed from 207.229.190.30 port 55984 to XXX,XXX,XXX,XXX port 25 TCP SYN (SMTP)
2003-11-14-11:45:29 IP allowed from 207.229.190.30 port 55650 to XXX,XXX,XXX,XXX port 25 TCP SYN (SMTP)
IP entry duplicated 1 times
2003-11-14-11:45:27 IP discard from 10.0.0.40 port 64131 to 10.0.0.1 port 1900 UDP (port not available)
2003-11-14-11:45:17 IP allowed from 207.229.190.30 port 55984 to XXX,XXX,XXX,XXX port 25 TCP SYN (SMTP)
2003-11-14-11:45:13 IP discard from 66.54.211.30 to to XXX,XXX,XXX,XXX ICMP type (3) code (3)(SIP discarded)
2003-11-14-11:45:13 IP ICMP type (3) code (3) received from 66.54.211.30
2003-11-14-11:45:11 IP discard from 66.54.211.30 to to XXX,XXX,XXX,XXX ICMP type (3) code (3)(SIP discarded)
2003-11-14-11:45:11 IP ICMP type (3) code (3) received from 66.54.211.30
2003-11-14-11:45:10 IP discard from 66.54.211.30 to to XXX,XXX,XXX,XXX ICMP type (3) code (3)(SIP discarded)
2003-11-14-11:45:10 IP ICMP type (3) code (3) received from 66.54.211.30
IP entry duplicated 1 times
2003-11-14-11:45:07 IP ICMP type (3) code (1) received from 66.7.181.10
2003-11-14-11:45:05 IP allowed from 207.229.190.30 port 55984 to XXX,XXX,XXX,XXX port 25 TCP SYN (SMTP)
2003-11-14-11:45:04 IP ICMP type (3) code (1) received from 66.7.181.10
2003-11-14-11:45:04 IP ICMP type (3) code (3) received from 67.38.100.27
IP entry duplicated 3 times
2003-11-14-11:45:00 IP ICMP type (3) code (1) received from 66.7.181.10
2003-11-14-11:45:00 IP ICMP type (3) code (3) received from 67.38.100.27
2003-11-14-11:44:59 IP allowed from 207.229.190.30 port 55984 to XXX,XXX,XXX,XXX port 25 TCP SYN (SMTP)
2003-11-14-11:44:58 IP ICMP type (3) code (1) received from 66.7.181.10
2003-11-14-11:44:58 IP ICMP type (3) code (3) received from 67.38.100.27
2003-11-14-11:44:57 IP ICMP type (3) code (1) received from 66.7.181.10
2003-11-14-11:44:56 IP ICMP type (3) code (3) received from 67.38.100.27
2003-11-14-11:44:56 IP allowed from 207.229.190.30 port 55984 to XXX,XXX,XXX,XXX port 25 TCP SYN (SMTP)
2003-11-14-11:44:55 IP ICMP type (3) code (3) received from 67.38.100.27
2003-11-14-11:44:54 IP allowed from 66.54.211.30 port 50309 to XXX,XXX,XXX,XXX port 25 TCP SYN (SMTP)
2003-11-14-11:44:50 IP ICMP type (8) code (0) received from 67.39.117.54
2003-11-14-11:44:43 CONFIG Config file updated
2003-11-14-11:44:42 MONITOR Administrator access allowed from 10.0.0.5
2003-11-14-11:44:41 IP allowed from 207.229.190.30 port 55650 to XXX,XXX,XXX,XXX port 25 TCP SYN (SMTP)
2003-11-14-11:44:29 IP allowed from 207.229.190.30 port 55303 to XXX,XXX,XXX,XXX port 25 TCP SYN (SMTP)
IP entry duplicated 2 times
2003-11-14-11:43:59 IP allowed from 207.229.190.30 port 55650 to XXX,XXX,XXX,XXX port 25 TCP SYN (SMTP)
2003-11-14-11:43:58 IP ICMP type (8) code (0) received from 67.35.48.150
2003-11-14-11:43:57 IP discard from 10.0.0.40 port 1502 to 65.54.225.241 port 443 TCP SYN (default)
2003-11-14-11:43:56 IP allowed from 207.229.190.30 port 55650 to XXX,XXX,XXX,XXX port 25 TCP SYN (SMTP)
2003-11-14-11:43:45 IP discard from 10.0.0.40 port 1501 to 65.54.229.253 port 443 TCP SYN (default)
2003-11-14-11:43:42 IP ICMP type (8) code (0) received from 67.34.24.62
2003-11-14-11:43:41 IP allowed from 207.229.190.30 port 55303 to XXX,XXX,XXX,XXX port 25 TCP SYN (SMTP)
IP entry duplicated 1 times
2003-11-14-11:43:36 IP discard from 10.0.0.40 port 1501 to 65.54.229.253 port 443 TCP SYN (default)
2003-11-14-11:43:36 MONITOR Administrator access allowed from 10.0.0.5
IP entry duplicated 1 times
2003-11-14-11:43:29 IP discard from 10.0.0.40 port 1498 to 207.46.104.20 port 1863 TCP SYN (default)
2003-11-14-11:43:27 IP allowed from 212.181.53.23 port 54702 to XXX,XXX,XXX,XXX port 4662 TCP SYN (Overnet)
IP entry duplicated 2 times
2003-11-14-11:43:20 IP allowed from 202.106.120.64 port 1785 to XXX,XXX,XXX,XXX port 4662 TCP SYN (Overnet)
2003-11-14-11:43:18 IP ICMP type (8) code (0) received from 67.38.13.55
IP entry duplicated 2 times
2003-11-14-11:42:59 IP allowed from 207.229.190.30 port 55303 to XXX,XXX,XXX,XXX port 25 TCP SYN (SMTP)
2003-11-14-11:42:57 IP ICMP type (3) code (3) received from 67.38.100.27
2003-11-14-11:42:56 IP allowed from 207.229.190.30 port 55303 to XXX,XXX,XXX,XXX port 25 TCP SYN (SMTP)
2003-11-14-11:42:35 MONITOR Administrator access allowed from 10.0.0.5
2003-11-14-11:42:08 IP ICMP type (8) code (0) received from 67.36.8.108
2003-11-14-11:41:34 MONITOR Administrator access allowed from 10.0.0.5
2003-11-14-11:41:03 IP discard from 10.0.0.20 port 2773 to 152.163.15.212 port 5190 TCP SYN (default)
2003-11-14-11:41:00 IP discard from 10.0.0.20 port 2773 to 205.188.68.30 port 5190 TCP SYN (default)
2003-11-14-11:40:58 IP ICMP type (8) code (0) received from 67.38.134.198
IP entry duplicated 1 times
2003-11-14-11:40:51 IP discard from 10.0.0.20 port 2773 to 205.188.68.30 port 5190 TCP SYN (default)
2003-11-14-11:40:50 IP ICMP type (8) code (0) received from 67.36.1.14
2003-11-14-11:40:39 IP discard from 10.0.0.20 port 2773 to 64.12.9.91 port 5190 TCP SYN (default)
2003-11-14-11:40:36 IP allowed from 80.55.248.2 port 1945 to XXX,XXX,XXX,XXX port 25 TCP SYN (SMTP)
2003-11-14-11:40:33 MONITOR Administrator access allowed from 10.0.0.5
2003-11-14-11:40:33 IP discard from 10.0.0.20 port 2768 to 152.163.11.27 port 5190 TCP SYN (default)
IP entry duplicated 1 times
2003-11-14-11:40:30 IP discard from 10.0.0.20 port 2773 to 64.12.9.91 port 5190 TCP SYN (default)
IP entry duplicated 1 times
2003-11-14-11:40:24 IP discard from 10.0.0.20 port 2768 to 152.163.11.27 port 5190 TCP SYN (default)
2003-11-14-11:40:03 IP ICMP type (8) code (0) received from 67.35.36.113

 
Sort by date Sort by votes
oh, our IP address in the above text has been replaced by XXX.XXX.XXX.XXX

There are only 10 kinds of people; those who understand binary and those who don't...
 
Upvote 0 Downvote
Section 1 -- a church in Texas has a computer with an infected machine. Port 445 is part of SMB/NetBIOS.

ICMP is generally ping requests or echos.
 
Upvote 0 Downvote
Ah, I thought NetBIOS only used 137 and 139... thanks. As for the IP address of the church, was I correct that it's an attempt at a denial of service? I see attempts to connect from 9 different ports, all aimed at us. And how would that infected machine have picked out our address to target?

Thanks for the info, though having researched this today I feel a little slow for not having put the info together for myself yet. Still got a ways to go on learning Internet security...

There are only 10 kinds of people; those who understand binary and those who don't...
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

DWheater
  • Locked
  • Question
FTP through Back to Back Firewalls
Replies
0
Views
100
DWheater
DWheater
bpafc
  • Locked
  • Question
FTP login delay
Replies
2
Views
154
bpafc
bpafc
barcode2328
  • Locked
  • Question
Opening a firewall port temporarily.
Replies
1
Views
59
Noway2
Noway2
abcd12344445555
  • Locked
  • Question
RFC 3014 - Notification log mib
Replies
0
Views
62
abcd12344445555
abcd12344445555
3rdParty
  • Locked
  • Question
Tool for text file logging
Replies
0
Views
99
3rdParty
3rdParty

Part and Inventory Search

Sponsor

Back
Top