Pablo,
This looks like the GlobalDispatch service that doubleclick
uses to globally distribute their content. I and others have
suggested that they use ICMP / pings for their network latency
testing, so this kind of confusion will be prevented in the
future.
Their software's use of many src IPs looks like an nmap attack,
and is very worrisome at first, and a pain to investigate at best.
-- Joshua
___________________________________________________________________
Joshua Chamas Chamas Enterprises Inc.
NODEWORKS - web link monitoring Long Beach, CA 1-562-432-2469
http://www.nodeworks.com http://www.chamas.com
Pablo Alberto Pasion wrote:
>
> Hello.
> I have a Cisco PIX Firewall with a DMZ. The point is:
> Every day the PIX log reports things such as:
>
> Jun 18 09:23:23 Cisco ip%PIX-2-106001: Inbound TCP connection denied from 207.239.35.71/51214 to my ip /7 flags SYN
> Jun 18 09:23:23 Cisco ip%PIX-2-106001: Inbound TCP connection denied from 199.95.208.85/49859 to my ip /7 flags SYN
> Jun 18 09:23:23 Cisco ip%PIX-2-106001: Inbound TCP connection denied from 199.95.207.91/61767 to my ip /7 flags SYN
> Jun 18 09:23:23 Cisco ip%PIX-2-106001: Inbound TCP connection denied from 199.95.208.85/49860 to my ip /7 flags SYN
> Jun 18 09:23:23 Cisco ip%PIX-2-106001: Inbound TCP connection denied from 208.32.211.71/64566 to my ip /7 flags SYN
> Jun 18 09:23:23 Cisco ip%PIX-2-106001: Inbound TCP connection denied from 208.32.211.71/64567 to my ip /7 flags SYN
> Jun 18 09:23:23 Cisco ip%PIX-2-106001: Inbound TCP connection denied from 199.95.207.91/61768 to my ip /7 flags SYN
> Jun 18 09:23:23 Cisco ip%PIX-2-106001: Inbound TCP connection denied from 199.95.208.85/49861 to my ip /7 flags SYN
> Jun 18 09:23:23 Cisco ip%PIX-2-106001: Inbound TCP connection denied from 209.67.38.50/60073 to my ip /7 flags SYN
> Jun 18 09:23:24 Cisco ip%PIX-2-106001: Inbound TCP connection denied from 209.67.38.50/60074 to my ip /7 flags SYN
> Jun 18 09:23:24 Cisco ip%PIX-2-106001: Inbound TCP connection denied from 209.67.38.50/60075 to my ip /7 flags SYN
> Jun 18 09:23:24 Cisco ip%PIX-2-106001: Inbound TCP connection denied from 209.67.38.50/60076 to my ip /7 flags SYN
> Jun 18 09:23:24 Cisco ip%PIX-2-106001: Inbound TCP connection denied from 209.67.38.50/60077 to my ip /7 flags SYN
> Jun 18 09:23:24 Cisco ip%PIX-2-106001: Inbound TCP connection denied from 209.67.38.50/60078 to my ip /7 flags SYN
> Jun 18 09:23:24 Cisco ip%PIX-2-106001: Inbound TCP connection denied from 207.239.35.71/51213 to my ip /7 flags SYN
> Jun 18 09:24:24 Cisco ip%PIX-2-106001: Inbound TCP connection denied from 199.95.207.91/62682 to my ip /7 flags SYN
> Jun 18 09:24:24 Cisco ip%PIX-2-106001: Inbound TCP connection denied from 199.95.208.85/51092 to my ip /7 flags SYN
>
> Every day, at the same time and the same ip numbers.
> Is this an attack such as ip spoofing? Any idea?
>
> Thanks in advance
>
>
> Pablo.
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
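
A triage sketch for the pattern discussed in this thread, added here as an example (not code from either poster): it parses PIX 106001 denials and separates many sources converging on one port from a single source walking across ports. The function names and the `SWEEP_PORTS` threshold are assumptions; the sample lines are entries from the quoted log, each re-joined onto one line.

```python
import re
from collections import defaultdict

SWEEP_PORTS = 3  # assumed threshold: one source touching this many ports = sweep

# PIX syslog message 106001, one entry per line (wrapped lines already re-joined).
LINE_RE = re.compile(
    r"^(?P<minute>\w{3}\s+\d+\s+\d\d:\d\d):\d\d .*PIX-2-106001: "
    r"Inbound TCP connection denied from (?P<src>[\d.]+)/(?P<sport>\d+) "
    r"to (?P<dst>.+?)\s*/(?P<dport>\d+) flags (?P<flags>[A-Z ]+)$"
)

def parse(lines):
    """Yield one dict per 106001 entry; anything else is skipped."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            yield m.groupdict()

def summarize(lines):
    """Return (pattern, per-destination-port stats) for a batch of log lines."""
    by_port = defaultdict(lambda: {"hits": 0, "sources": set(), "minutes": set()})
    ports_by_src = defaultdict(set)
    for e in parse(lines):
        stats = by_port[int(e["dport"])]
        stats["hits"] += 1
        stats["sources"].add(e["src"])
        stats["minutes"].add(e["minute"])
        ports_by_src[e["src"]].add(int(e["dport"]))
    report = {port: {"hits": s["hits"], "sources": len(s["sources"]),
                     "minutes": len(s["minutes"])} for port, s in by_port.items()}
    if not report:
        return "none", report
    widest = max(len(p) for p in ports_by_src.values())
    # Many sources converging on one port is a probe of that one service;
    # a sweep shows a single source walking across several ports.
    return ("port-sweep" if widest >= SWEEP_PORTS else "single-port-probe"), report

# Entries taken from the quoted log above, each re-joined onto one line.
PREFIX = "Cisco ip%PIX-2-106001: Inbound TCP connection denied from "
SAMPLE = [
    "Jun 18 09:23:23 " + PREFIX + "207.239.35.71/51214 to my ip /7 flags SYN",
    "Jun 18 09:23:23 " + PREFIX + "199.95.208.85/49859 to my ip /7 flags SYN",
    "Jun 18 09:23:24 " + PREFIX + "209.67.38.50/60074 to my ip /7 flags SYN",
    "Jun 18 09:24:24 " + PREFIX + "199.95.207.91/62682 to my ip /7 flags SYN",
    "Jun 18 09:24:24 " + PREFIX + "199.95.208.85/51092 to my ip /7 flags SYN",
]

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Run over several days of logs, the per-port `minutes` and `sources` counts make the "same time, same IP numbers" recurrence visible without reading each entry.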