My firewall has been blocking some to be routed packets send to my computer.. here a
small cut/paste from my log file:
FWROUTE,2001/11/10,03:23:59 +1:00 GMT,212.142.28.66:53,212.187.64.194:64540,UDP
FWROUTE,2001/11/10,03:24:02 +1:00 GMT,213.93.68.114:1236,213.93.82.62:80,TCP (flags:S)
FWROUTE,2001/11/10,03:24:09 +1:00 GMT,66.61.42.178:1217,213.93.61.116:81,TCP (flags:S)
FWROUTE,2001/11/10,03:24:12 +1:00 GMT,213.93.252.33:3845,213.93.81.253:80,TCP (flags:S)
FWROUTE,2001/11/10,03:24:18 +1:00 GMT,193.212.52.75:21,212.187.66.13:1668,TCP
(flags:AP)
FWROUTE,2001/11/10,03:24:45 +1:00 GMT,212.142.28.130:53,212.187.69.78:15443,UDP
FWROUTE,2001/11/10,03:24:48 +1:00 GMT,213.93.68.114:1239,213.93.82.62:80,TCP (flags:S)
FWROUTE,2001/11/10,03:24:59 +1:00 GMT,213.93.53.8:2187,213.93.82.62:80,TCP (flags:S)
FWROUTE,2001/11/10,03:25:24 +1:00 GMT,212.23.13.28:1895,212.187.69.180:80,TCP (flags:S)
FWROUTE,2001/11/10,03:25:32 +1:00 GMT,213.93.68.114:1240,213.93.82.62:80,TCP (flags:S)
FWROUTE,2001/11/10,03:26:13 +1:00 GMT,212.142.28.66:53,212.187.29.160:3185,UDP
FWROUTE,2001/11/10,03:26:18 +1:00 GMT,213.93.68.114:1241,213.93.82.62:80,TCP (flags:S)
FWROUTE,2001/11/10,03:26:30 +1:00 GMT,216.118.101.119:80,212.187.67.132:2365,TCP
(flags:A)
FWROUTE,2001/11/10,03:26:33 +1:00 GMT,216.187.79.247:80,212.187.67.132:2686,TCP
(flags:A)
FWROUTE,2001/11/10,03:26:35 +1:00 GMT,213.93.252.33:4107,213.93.82.62:80,TCP (flags:S)
FWROUTE,2001/11/10,03:26:41 +1:00 GMT,213.93.53.8:4824,213.93.82.62:80,TCP (flags:S)
FWROUTE,2001/11/10,03:26:46 +1:00 GMT,64.157.10.153:80,212.187.67.132:3274,TCP
(flags:A)
FWROUTE,2001/11/10,03:26:57 +1:00 GMT,64.158.76.197:80,212.187.67.132:1508,TCP
(flags:A)
FWROUTE,2001/11/10,03:27:02 +1:00 GMT,213.93.68.114:1242,213.93.82.62:80,TCP (flags:S)
FWROUTE,2001/11/10,03:27:15 +1:00 GMT,206.57.41.100:80,212.187.67.132:1130,TCP
(flags:A)
FWROUTE,2001/11/10,03:27:22 +1:00 GMT,24.253.245.171:4445,212.187.28.53:1214,TCP
(flags:S)
FWROUTE,2001/11/10,03:27:23 +1:00 GMT,216.218.139.196:80,212.187.67.132:1829,TCP
(flags:A)
FWROUTE,2001/11/10,03:27:24 +1:00 GMT,64.158.76.197:80,212.187.67.132:1576,TCP
(flags:A)
FWROUTE,2001/11/10,03:27:24 +1:00 GMT,212.66.171.134:2508,212.187.40.129:80,TCP
(flags:S)
FWROUTE,2001/11/10,03:27:40 +1:00 GMT,144.80.24.110:1214,212.187.31.227:1299,TCP
(flags:A)
FWROUTE,2001/11/10,03:27:48 +1:00 GMT,213.93.68.114:1243,213.93.82.62:80,TCP (flags:S)
FWROUTE,2001/11/10,03:28:33 +1:00 GMT,216.187.79.247:80,212.187.67.132:2686,TCP
(flags:A)
FWROUTE,2001/11/10,03:28:42 +1:00 GMT,212.178.4.59:2273,212.187.30.20:80,TCP (flags:S)
FWROUTE,2001/11/10,03:29:07 +1:00 GMT,64.12.25.59:13454,212.187.42.113:1033,TCP
(flags:A)
My IP is 212.187.65.82
I`m also running a packet sniffer which logged the following packet (it was allowed
through the firewall), I have received this packets many times and each time it
contained the same data
Time/Date(03:30:51/10.11.2001) Protocol/Number(UDP/17)
Source(10.10.1.1) Destination(255.255.255.255)
Source Port (67) Destination Port (68)
Length (308) CheckSum (14577)
01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18
000001 45 00 01 48 c2 3e 00 00 80 11 6c 5c 0a 0a 01 01 ff ff E..HÂ>..€.l\....ÿÿ
000019 ff ff 00 43 00 44 01 34 38 f1 02 01 06 00 00 00 00 00 ÿÿ.C.D.48ñ........
000037 00 00 80 00 d4 8e 06 79 00 00 00 00 00 00 00 00 00 00 ..€.ÔŽ.y..........
000055 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ..................
000073 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ..................
000091 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ..................
000109 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ..................
000127 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ..................
000145 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ..................
000163 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ..................
000181 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ..................
000199 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ..................
000217 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ..................
000235 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ..................
000253 00 00 00 00 00 00 00 00 00 00 00 00 63 82 53 63 35 01 ............c‚Sc5.
000271 05 36 04 0a 0a 01 01 01 04 00 00 00 00 2b 0f 5f 0d 48 .6...........+._.H
000289 61 6c 69 78 2e 4c 6f 6b 61 61 6c 00 ff 00 00 00 00 00 alix.Lokaal.ÿ.....
000307 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ..................
000325 00 00 00 00 ....
Can anyone tell me what kind of attack/packet this is and if it's part of those
packet's that are sent to my computer that should be routed to another computers.
Philip Wagenaar
