And another addendum. ;-) Just wanted to mention that at first glance it may seem odd that your local device is sending a reply, despite it also saying that access was denied for the incoming message.
Based on a bit more testing we did offline, it appears that the reply is a Destination Unreachable Net Unreachable. If the device is a Cisco router, I think you could configure it not to send that. From a security viewpoint, it's considered better to not reply at all, so the hackers don't know they got to a real address, as I'm sure you know.

Cheers,

Priscilla

Priscilla Oppenheimer wrote:
>
> Looks like normal Internet behavior to me. The hackers are probably pinging or port scanning. There's not enough info to tell. Also what is the time between the attempts? If it's continuous or continual, then maybe you should get worried. But, mostly I would just say, welcome to the Internet.
>
> You could look up the offending source addresses in the Whois database. If you can find the ISP, you could complain. Some firewalls (or firewall advisers like "Who's There") will do the lookup for you and even compose an e-mail to the offender.
>
> Priscilla Oppenheimer
> http://www.priscilla.com
>
> Chuck wrote:
> >
> > I'm currently doing something that requires a particular piece of equipment of mine be on the public internet. I have use of four public IP addresses from my ISP, but for the most part I have just my PC's connected via my firewall device, so that I am generally using only one of those IP's. Most of the time, the other three are not being used.
> >
> > In any case, over the past couple of days that I have had something connected, I have noticed "something" happening on the piece of equipment.
> >
> > IP: s=64.115.76.211 (Ethernet0), d=X.X.X.X, len 48, access denied
> > IP: s=X.X.X.X (local), d=64.115.76.211 (Ethernet0), len 56, sending
> > IP: s=64.115.76.211 (Ethernet0), d=X.X.X.X, len 48, access denied
> > IP: s=X.X.X.X (local), d=64.115.76.211 (Ethernet0), len 56, sending
> > IP: s=62.248.145.87 (Ethernet0), d=X.X.X.X, len 48, access denied
> > IP: s=X.X.X.X (local), d=62.248.145.87 (Ethernet0), len 56, sending
> > IP: s=62.248.145.87 (Ethernet0), d=X.X.X.X, len 48, access denied
> > IP: s=X.X.X.X (local), d=62.248.145.87 (Ethernet0), len 56, sending
> > IP: s=62.248.145.87 (Ethernet0), d=X.X.X.X, len 48, access denied
> > IP: s=X.X.X.X (local), d=62.248.145.87 (Ethernet0), len 56, sending
> > IP: s=168.154.165.13 (Ethernet0), d=X.X.X.X, len 44, access denied
> > IP: s=X.X.X.X (local), d=168.154.165.13 (Ethernet0), len 56, sending
> > IP: s=168.154.165.13 (Ethernet0), d=X.X.X.X, len 44, access denied
> > IP: s=X.X.X.X (local), d=168.154.165.13 (Ethernet0), len 56, sending
> > IP: s=168.154.165.13 (Ethernet0), d=X.X.X.X, len 40, access denied
> > IP: s=X.X.X.X (local), d=168.154.165.13 (Ethernet0), len 56, sending
> > IP: s=209.41.111.6 (Ethernet0), d=X.X.X.X, len 44, access denied
> > IP: s=X.X.X.X (local), d=209.41.111.6 (Ethernet0), len 56, sending
> > IP: s=209.41.111.6 (Ethernet0), d=X.X.X.X, len 44, access denied
> > IP: s=X.X.X.X (local), d=209.41.111.6 (Ethernet0), len 56, sending
> > IP: s=209.41.111.6 (Ethernet0), d=X.X.X.X, len 44, access denied
> > IP: s=X.X.X.X (local), d=209.41.111.6 (Ethernet0), len 56, sending
> > !
> >
> > Access is denied because the source IP's are not meeting certain requirements, like maybe using forbidden ports, or maybe being from forbidden subnets or maybe because they are communists.
> >
> > Just wondering. Accident? Something to watch? Something to report?
> >
> > Chuck

Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=48347&t=48318
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
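
An added example, not part of the original thread: a short Python summary of log lines in the format quoted above, counting per remote address the denied packets, their lengths, and the replies the device sent back. The sample log is constructed (RFC 5737 documentation addresses), and treating every `(local)` line marked `sending` as a reply to the remote host is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the log quoted in the thread.
# Addresses are RFC 5737 documentation addresses, not taken from the post.
SAMPLE_LOG = """\
IP: s=192.0.2.10 (Ethernet0), d=X.X.X.X, len 48, access denied
IP: s=X.X.X.X (local), d=192.0.2.10 (Ethernet0), len 56, sending
IP: s=192.0.2.10 (Ethernet0), d=X.X.X.X, len 48, access denied
IP: s=X.X.X.X (local), d=192.0.2.10 (Ethernet0), len 56, sending
IP: s=198.51.100.7 (Ethernet0), d=X.X.X.X, len 44, access denied
IP: s=X.X.X.X (local), d=198.51.100.7 (Ethernet0), len 56, sending
IP: s=198.51.100.7 (Ethernet0), d=X.X.X.X, len 40, access denied
IP: s=203.0.113.99 (Ethernet0), d=X.X.X.X, len 44, access denied
!
"""

LINE_RE = re.compile(
    r"IP: s=(?P<src>\S+) \((?P<src_if>[^)]+)\), d=(?P<dst>\S+?)"
    r"(?: \([^)]+\))?, len (?P<len>\d+), (?P<action>access denied|sending)"
)

def summarize(log_text):
    """Per remote address: denied packets, their lengths, replies sent back."""
    stats = defaultdict(lambda: {"denied": 0, "replies": 0, "lens": set()})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # separators such as "!" or unrelated output
        if m["action"] == "access denied":
            entry = stats[m["src"]]
            entry["denied"] += 1
            entry["lens"].add(int(m["len"]))
        elif m["src_if"] == "local":
            # Assumption: a locally generated packet is a reply to that host.
            stats[m["dst"]]["replies"] += 1
    return dict(stats)

def answered_sources(stats):
    """Remote addresses that received at least one reply from the device."""
    return sorted(src for src, s in stats.items() if s["replies"] > 0)

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for src, s in sorted(result.items()):
        print(f"{src}: denied={s['denied']} replies={s['replies']} "
              f"lens={sorted(s['lens'])}")
    print("replied to:", answered_sources(result))
```

A source with denied packets and zero replies is what the log would show once the device stops answering denied traffic.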