Looks like normal Internet behavior to me. The hackers are probably pinging or port scanning. There's not enough info to tell. Also what is the time between the attempts? If it's continuous or continual, then maybe you should get worried. But, mostly I would just say, welcome to the Internet.
You could look up the offending source addresses in the Whois database. If you can find the ISP, you could complain. Some firewalls (or firewall advisers like "Who's There") will do the lookup for you and even compose an e-mail to the offender. Priscilla Oppenheimer http://www.priscilla.com Chuck wrote: > > I'm currently doing something that requires a particular piece > of equipment > of mine be on the public internet. I have use of four public IP > addresses > from my ISP, but for the most part I have just my PC's > connected via my > firewall device, so that I am generally using only one of those > IP's. Most > of the time, the other three are not being used. > > In any case, over the past couple of days that I have had > something > connected, I have noticed "something" happening on the piece of > equipment. > > IP: s=64.115.76.211 (Ethernet0), d=X.X.X.X, len 48, access > denied > IP: s=X.X.X.X (local), d=64.115.76.211 (Ethernet0), len 56, > sending > IP: s=64.115.76.211 (Ethernet0), d=X.X.X.X, len 48, access > denied > IP: s=X.X.X.X (local), d=64.115.76.211 (Ethernet0), len 56, > sending > IP: s=62.248.145.87 (Ethernet0), d=X.X.X.X, len 48, access > denied > IP: s=X.X.X.X (local), d=62.248.145.87 (Ethernet0), len 56, > sending > IP: s=62.248.145.87 (Ethernet0), d=X.X.X.X, len 48, access > denied > IP: s=X.X.X.X (local), d=62.248.145.87 (Ethernet0), len 56, > sending > IP: s=62.248.145.87 (Ethernet0), d=X.X.X.X, len 48, access > denied > IP: s=X.X.X.X (local), d=62.248.145.87 (Ethernet0), len 56, > sending > IP: s=168.154.165.13 (Ethernet0), d=X.X.X.X, len 44, access > denied > IP: s=X.X.X.X (local), d=168.154.165.13 (Ethernet0), len 56, > sending > IP: s=168.154.165.13 (Ethernet0), d=X.X.X.X, len 44, access > denied > IP: s=X.X.X.X (local), d=168.154.165.13 (Ethernet0), len 56, > sending > IP: s=168.154.165.13 (Ethernet0), d=X.X.X.X, len 40, access > denied > IP: s=X.X.X.X (local), d=168.154.165.13 (Ethernet0), len 56, > sending > IP: s=209.41.111.6 (Ethernet0), d=X.X.X.X, len 44, access denied > IP: s=X.X.X.X (local), d=209.41.111.6 (Ethernet0), len 56, > sending > IP: s=209.41.111.6 (Ethernet0), d=X.X.X.X, len 44, access denied > IP: s=X.X.X.X (local), d=209.41.111.6 (Ethernet0), len 56, > sending > IP: s=209.41.111.6 (Ethernet0), d=X.X.X.X, len 44, access denied > IP: s=X.X.X.X (local), d=209.41.111.6 (Ethernet0), len 56, > sending > ! > > Access is denied because the source IP's are not meeting certain > requirements, like maybe using forbidden ports, or maybe being > from > forbidden subnets or maybe because they are communists. > > Just wondering. Accident? Something to watch? Something to > report? > > Chuck > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48321&t=48318 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
