Wow! Thanks for the quick response and great advice. I've changed my router to drop the packets instead of denying them. Hopefully that will deter future things like this from occurring.

As an aside, one thing I've also noticed in the last few days with my network is that my DSL has gone from an average speed of 75k/sec to 150k/sec. That's T1 speed just about, isn't it? I haven't upgraded my subscription or anything, so I have no clue why it's happening. I really like it though!

Thanks again for your help.

Chris

On Feb 10, 2004, at 3:01 AM, Raffaele Belardi wrote:

You read it like this: for example, the first line is telling you that a machine with IP address 66... is trying to connect to your machine (IP address 162....) on TCP port 8980. The firewall is applying a default behavior of denying the connection.

The log file shows several ICMP packets, typically used for ping. It also shows TCP connections to ports 6346 and 8980. From Google, the first one is used by peer-to-peer file sharing programs (BearShare, Gnutella); the other one I couldn't find.


Yes, it could be a port scan, but I wouldn't worry about it as long as you have your firewall, although a better policy would be to DROP the packets instead of DENY the connection. Deny means that the firewall does not allow the other peer to connect to your machine, typically sending back a NACK packet or similar. Drop means that the firewall just ignores the packet, and does not send back any acknowledgement (positive or negative). The latter is better since it does not let the other peer know that you even exist.

There should also be a way to avoid logging these attempts (there _is_ in Linux's firewall, iptables) if they are clogging your log file, but I cannot help with your specific router.
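
The deny-versus-drop distinction and the log suppression discussed above, as an added example that is not part of the original thread: a shell function that prints an iptables-restore ruleset in either mode. It assumes a single Linux host running iptables (not the poster's router); the log prefix and rate limits are illustrative choices.

```shell
#!/bin/sh
# Added example, not from the thread. Prints an iptables-restore ruleset for a
# single Linux host in one of two modes:
#   reject - unsolicited packets are refused with an explicit reply
#   drop   - unsolicited packets are discarded with no reply at all
# Loading the output with iptables-restore replaces the existing filter table.

NOISY_PORTS="6346,8980"   # the two TCP ports named in the thread

build_rules() {
    case "$1" in
        reject) tcp_verdict="REJECT --reject-with tcp-reset"
                other_verdict="REJECT --reject-with icmp-port-unreachable" ;;
        drop)   tcp_verdict="DROP"
                other_verdict="DROP" ;;
        *)      echo "usage: build_rules reject|drop" >&2; return 2 ;;
    esac

    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Loopback and replies to connections this host opened are always allowed.
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Known noise: handled before the LOG rule, so it never reaches the log.
-A INPUT -p tcp -m multiport --dports $NOISY_PORTS -j $tcp_verdict
# Everything else unsolicited is logged, rate-limited so the log cannot flood.
-A INPUT -m limit --limit 6/min --limit-burst 10 -j LOG --log-prefix "IN-unsolicited: "
-A INPUT -p tcp -j $tcp_verdict
-A INPUT -j $other_verdict
COMMIT
EOF
}

# Print the ruleset when run as a script: sh rules.sh drop | iptables-restore
if [ $# -gt 0 ]; then
    build_rules "$1"
fi
```

Comparing the output of `build_rules reject` and `build_rules drop` shows that only the final verdicts differ; the allow rules and the logging are identical in both modes.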

