Hi all. I've recently had some trouble with my Bering-uClibc configuration, so I've been spending a lot of time with re-installation problems and not much with watching the fw logs. Anyway, I've lately seen a real spike in behavior coming into the firewall, and since I haven't changed any shorewall settings, was just wondering if someone could suggest what the source of all this noise is.
Anyway, in the last two days I've had a lot of hits on my external eth0 from these two sources (x.x.x.x is my eth0 address leased from the upstream DNS server via pump): Oct 5 07:43:33 cerberus Shorewall:net2all:DROP: IN=eth0 OUT= MAC=00:00:bc:11:17:0c:00:04:28:25:9c:54:08:00 SRC=61.143.182.138 DST=x.x.x.x LEN=550 TOS=00 PREC=0x00 TTL=50 ID=0 DF PROTO=UDP SPT=30110 DPT=1026 LEN=530 and Oct 5 08:02:58 cerberus Shorewall:net2all:DROP: IN=eth0 OUT= MAC=00:00:bc:11:17:0c:00:04:28:25:9c:54:08:00 SRC=210.5.22.10 DST=x.x.x.x LEN=367 TOS=00 PREC=0x00 TTL=242 ID=620 PROTO=UDP SPT=32775 DPT=1026 LEN=347 and they generally alternate in terms of frequency. Now, I happen to have a few LISTENING ports on a machine behind the firewall, generally ports 1024-1030, but there's no DROPped outbound traffic, so I figure I'm okay when it comes to Trojans. But, I could be wrong. I'm hoping someone could assuage my fears or simply tell me I'm crazy and/or point me to the FAQ I've missed. Thanks a bunch. Regards, joe. -- __________________________________________________________ Sign-up for your own personalized E-mail at Mail.com http://www.mail.com/?sr=signup CareerBuilder.com has over 400,000 jobs. Be smarter about your job search http://corp.mail.com/careers ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
