Re: Firewall log with port 65535 question
> -- configuration --
> external interface is 206.230.232.xxx on eth1 and
> internal interface is 192.168.1.1 on eth0 with my
> Oct 31 19:48:43 reboots kernel: Packet log: input DENY eth0 PROTO=2
> 18.104.22.168:65535 22.214.171.124:65535 L=32 S=0x00 I=6912 F=0x0000 T=1 O=0x00000494
Nice! Well, whatever does this is trying to connect from the inside to one
of six machines on the outside, none of them have a DNS-Entry.
The source address ist forged, the destinations might be other infected
machines. Since the source is forged, any reply will go to the forged
source, so that computer might also be infected.
Now what to do?
You can/should consult the whois database (at internic e.g.) and inform the
owner of those IPs - just a courtesy.
You can/should also remove the cause from your machine(s) - in the case of
windows, a new installation is the easiest method to do this.