> When looking at your Shorewall logs, how do you decide if you are just > being scanned or if someone(s) is trying to make an effort to get access > to you box?
Match the destination port to a list like /etc/services and see if there are repeated attempts to services such as ssh/telnet/smbd/nmbd or an ip that scans many ports (port-scan). These would likely be someone interested in attempting to crack your firewall/LAN, otherwise the traffic is most likely "internet trash" that comes in a huge variety. -- ~Lynn Avants Linux Embedded Firewall Project developer http://leaf.sourceforge.net ------------------------------------------------------- This sf.net email is sponsored by: With Great Power, Comes Great Responsibility Learn to use your power at OSDN's High Performance Computing Channel http://hpc.devchannel.org/ ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html