I'm quite new to this but as I understand it: Someone at 64.214.177.149 is attempting to connect using the TCP protocol from port 3463 to port 445 on 209.233.16.123.
The machine at 209.233.16.123 is an address assigned to you. If you look up TCP port 445 you'll find something similar to the following: Protocol: TCP Port: 445 Description: Microsoft Networking (Windows 2000/XP) "TCP port 445 is used for *direct* Microsoft Networking access. More specifically, it enables direct TCP/IP access to Microsoft Networking functions WITHOUT the need for a Netbios layer. This service is only implemented in the more recent verions of Windows (e.g. Windows 2000 and XP)." So it looks like someone is trying to probe your machine/network using this vulnerable port, but your firewall is stopping them - exactly what it should be doing! I'm sure someone will correct me if I've led you astray... Regards Nick > -----Original Message----- > From: Phil Faris [mailto:[EMAIL PROTECTED] > Sent: 29 March 2003 17:08 > To: [EMAIL PROTECTED] > Subject: [leaf-user] Shorewall log > > > Can anyone tell me what this Shorewall log entry means? I > get about fifty > to sixty hits like this every day. > > Mar 29 16:12:57 Gateway Shorewall:net2all:DROP: IN=eth0 OUT= > MAC=00:20:af:38:31:c5:00:10:67:00:b5:6b:08:00 SRC=64.214.177.149 > DST=209.233.16.123 LEN=48 TOS=00 PREC=0x00 TTL=111 ID=28282 > DF PROTO=TCP > SPT=3463 DPT=445 SEQ=3057110942 ACK=0 WINDOW=16384 SYN URGP=0 > > Phil Faris > > > ------------------------------------------------------- > This SF.net email is sponsored by: > The Definitive IT and Networking Event. Be There! > NetWorld+Interop Las Vegas 2003 -- Register today! > http://ads.sourceforge.net/cgi-bin/redirect.pl?keyn0001en > -------------------------------------------------------------- > ---------- > leaf-user mailing list: [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/leaf-user > SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html > ------------------------------------------------------- This SF.net email is sponsored by: The Definitive IT and Networking Event. Be There! NetWorld+Interop Las Vegas 2003 -- Register today! http://ads.sourceforge.net/cgi-bin/redirect.pl?keyn0001en ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
