This afternoon I received 292 log items in 6 seconds. I know that port 53 is related to DNS but beyond that I am fairly naive. The log analyzer at http://www.echogent.com/cgi-bin/fwlog.pl did not have any thin specific to say about these It is interesting to me that all 18 of the ips that sent packets did so all with in 6 seconds most of them sending exactly 16 packets each. Any help diagnosing this would be helpful. If they are harmless I will just make up a ipchains rule to not log them. I am using Dachstien rc2. Thanks for any insight. Robert Williams
292 Oct 25 15:51:01 firewall kernel: Packet log: input DENY eth0 PROTO=6 64.14.200.154:17181 64.171.17.149:53 L=44 S=0x00 I=0 F=0x0000 T=245 (#41) Oct 25 15:51:01 firewall kernel: Packet log: input DENY eth0 PROTO=6 209.249.97.40:60302 64.171.17.149:53 L=44 S=0x00 I=0 F=0x0000 T=245 (#41) Oct 25 15:51:01 firewall kernel: Packet log: input DENY eth0 PROTO=6 208.184.162.71:15070 64.171.17.149:53 L=44 S=0x00 I=0 F=0x0000 T=246 (#41) <snip> Oct 25 15:51:07 firewall kernel: Packet log: input DENY eth0 PROTO=6 202.139.133.129:16725 64.171.17.149:53 L=44 S=0x00 I=0 F=0x0000 T=243 (#41) Oct 25 15:51:07 firewall kernel: Packet log: input DENY eth0 PROTO=6 203.208.128.70:32687 64.171.17.149:53 L=44 S=0x00 I=0 F=0x0000 T=241 (#41) List of offending IPs 194.205.125.26 194.213.64.150 202.139.133.129 203.194.166.182 203.208.128.70 207.55.138.206 208.184.162.71 209.249.97.40 212.78.160.237 216.220.39.42 216.33.35.214 216.34.68.2 216.35.167.58 62.23.80.2 62.26.119.34 64.14.200.154 64.37.200.46 64.56.174.18 6 64.78.235.14 _______________________________________________ Leaf-user mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user
