Trying to understand the Shrorewall logs on my Bering ULibC setup, I'm puzzled over the following entry, of which I've had several:
Dec 10 06:47:01 firewall rfc1918 DROP eth0 eth1 192.168.0.2 192.168.1.64 TCP 2595 54321 1410215655 63659 ACK PSH 0 The rfc1918 address 192.168.0.2 is not one I use and as it's unroutable, should not have arrived at my eth0. 192.168.1.64 is the IP address of the machine I'm running Azereus on. The destination port 54321 is the one I use for my Azereus bittorrent client. The source port 2595 is 'World Fusion 1' - whatever that might be! Has someone taken a guess at what the private IP address range I might be using, spoofed it and tried tried to slip in via my open Arereus port? If so, what would have happened if they had correctly guessed at the IP range I use? (BTW, am I giving anything important to potential intruders by revealing the above info?) Jim Ford ------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Do you grep through log files for problems? Stop! Download the new AJAX search engine that makes searching your log files as easy as surfing the web. DOWNLOAD SPLUNK! http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click ------------------------------------------------------------------------ leaf-user mailing list: leaf-user@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/leaf-user Support Request -- http://leaf-project.org/