Am I being attacked?
The answer is probably yes, but do the following indicate script-kiddie
probes? They are directed at portmap, lpr, and nmbd. I don't know why the
ones on the smtp port were rejected. The .184 system is my router.
Thanks
Bruce
Packet log: input DENY eth0 PROTO=6 216.103.219.35:17956 216.15.108.184:111 L=40 S=0x00 I=3466 F=0x0000 T=108 SYN (#10)
Packet log: input DENY eth0 PROTO=6 202.66.169.18:4439 216.15.108.184:515 L=60 S=0x00 I=43201 F=0x4000 T=47 SYN (#10)
Packet log: input DENY eth0 PROTO=17 216.187.75.24:137 216.15.108.184:137 L=78 S=0x00 I=18430 F=0x0000 T=114 (#10)
Packet log: input DENY eth0 PROTO=17 216.187.75.24:137 216.15.108.184:137 L=78 S=0x00 I=18686 F=0x0000 T=114 (#10)
Packet log: input DENY eth0 PROTO=17 216.187.75.24:137 216.15.108.184:137 L=78 S=0x00 I=18942 F=0x0000 T=114 (#10)
Packet log: input DENY eth0 PROTO=6 210.101.105.16:3546 216.15.108.184:111 L=60 S=0x00 I=13241 F=0x4000 T=47 SYN (#10)
Packet log: input DENY eth0 PROTO=6 4.60.161.230:1054 216.15.108.184:25 L=48 S=0x00 I=57801 F=0x4000 T=110 SYN (#10)
Packet log: input DENY eth0 PROTO=6 4.60.161.230:1054 216.15.108.184:25 L=48 S=0x00 I=57847 F=0x4000 T=110 SYN (#10)
Packet log: input DENY eth0 PROTO=6 4.60.161.230:1054 216.15.108.184:25 L=48 S=0x00 I=57880 F=0x4000 T=110 SYN (#10)
Packet log: input DENY eth0 PROTO=6 209.10.200.83:2151 216.15.108.184:111 L=60 S=0x00 I=14138 F=0x4000 T=56 SYN (#10)
Packet log: input DENY eth0 PROTO=6 210.178.232.1:4935 216.15.108.184:111 L=60 S=0x00 I=38311 F=0x4000 T=41 SYN (#10)
Packet log: input DENY eth0 PROTO=6 64.65.56.45:1274 216.15.108.184:515 L=60 S=0x00 I=146 F=0x4000 T=46 SYN (#10)
Reply to: