Hi! > -- configuration -- > external interface is 206.230.232.xxx on eth1 and > internal interface is 192.168.1.1 on eth0 with my > [...] > Oct 31 19:48:43 reboots kernel: Packet log: input DENY eth0 PROTO=2 > 4.0.0.3:65535 227.37.32.1:65535 L=32 S=0x00 I=6912 F=0x0000 T=1 O=0x00000494 > (#39) > [...]
Nice! Well, whatever does this is trying to connect from the inside to one of six machines on the outside, none of them have a DNS-Entry. The source address ist forged, the destinations might be other infected machines. Since the source is forged, any reply will go to the forged source, so that computer might also be infected. Now what to do? You can/should consult the whois database (at internic e.g.) and inform the owner of those IPs - just a courtesy. You can/should also remove the cause from your machine(s) - in the case of windows, a new installation is the easiest method to do this. -- J�rn Engel mailto: [EMAIL PROTECTED] http://wohnheim.fh-wedel.de/~joern
