Craig Caughlin wrote:

> Hi folks,
> I'm thrilled that I've at least figured out how to get my DCD up and
> running, and I'm looking to learn as much as I can! In checking DCD by using
> my web browser, I notice that I keep getting variations of these "messages"
> (See below, and I'm pretty sure they're from my ISP-ATTBI because I
> recognize the 12.x.x.x. IP address), and I'm hoping someone can tell me 1.)
> What they are, and 2.) Can you suggest how I might learn to understand what
> each little piece of the message means (a good book recommendation, online
> tutorial, etc.) I bought Robert Ziegler's book entitled Linux Firewalls (a
> great book!). As I learn more, I'd like to be able to "defend" my LAN
> against probes like this, but don't know where to start. Thank you to all of
> you who help me, and to you Charles (if you're listening :-) ) for a really
> cool piece of work! Have a great day!!!
>
> Craig
>
> Feb 26 13:43:54 clonebox kernel: Packet log: input DENY eth0 PROTO=6 12.246.134.190:1043 12.246.96.118:80 L=48 S=0x00 I=28981 F=0x4000 T=125 SYN (#40)

Looks to me just like what you would get from a box that has been captured by the Code Red worm. It comes from some Windoze box that is trying to infect others in its vicinity. This has been going on for months and is gradually slowing down. Your firewall is protecting you just like it is supposed to.

Victor McAllister

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
