[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Firewall log with port 65535 question


> -- configuration --
> external interface is 206.230.232.xxx on eth1 and
> internal interface is on eth0 with my 
> [...]
> Oct 31 19:48:43 reboots kernel: Packet log: input DENY eth0 PROTO=2
> L=32 S=0x00 I=6912 F=0x0000 T=1 O=0x00000494
> (#39)
> [...]

Nice! Well, whatever does this is trying to connect from the inside to one
of six machines on the outside, none of them have a DNS-Entry.
The source address ist forged, the destinations might be other infected
machines. Since the source is forged, any reply will go to the forged
source, so that computer might also be infected.

Now what to do?
You can/should consult the whois database (at internic e.g.) and inform the
owner of those IPs - just a courtesy.
You can/should also remove the cause from your machine(s) - in the case of
windows, a new installation is the easiest method to do this.

Jörn Engel
mailto: joern@wohnheim.fh-wedel.de

Reply to: