Gregson Helledy on 11 Nov 2005 20:27:51 -0000
I'm trying to diagnose why my diald link (for dialup internet access) is staying up and looking through log files I found an amazing number of attempted incoming connections. According to a website I used to look up a few of the IPs, they are coming from all around the world (China, Japan and Switzerland were the first 3 I looked at). The following are the attempted connections just between 9 and 9:10 this morning.

1. Do other people get this many random connection attempts? Should I be surprised that an IP used for a dialup ISP gets this?

2. diald wouldn't consider these connection attempts as traffic for the purposes of keeping the link up, would it?

Thanks,
Greg

Nov 11 09:00:42 firewall kernel: denylog:IN=ppp0 OUT= MAC= SRC=221.208.208.2 DST=XXX.XXX.XXX.XXX LEN=502 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=UDP SPT=33378 DPT=1026 LEN=482
Nov 11 09:00:42 firewall kernel: denylog:IN=ppp0 OUT= MAC= SRC=221.208.208.2 DST=XXX.XXX.XXX.XXX LEN=502 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=UDP SPT=33378 DPT=1026 LEN=482
Nov 11 09:02:01 firewall kernel: denylog:IN=ppp0 OUT= MAC= SRC=221.208.208.8 DST=XXX.XXX.XXX.XXX LEN=338 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=UDP SPT=39485 DPT=1027 LEN=318
Nov 11 09:02:01 firewall kernel: denylog:IN=ppp0 OUT= MAC= SRC=221.208.208.8 DST=XXX.XXX.XXX.XXX LEN=338 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=UDP SPT=39485 DPT=1026 LEN=318
Nov 11 09:02:48 firewall kernel: denylog:IN=ppp0 OUT= MAC= SRC=218.66.104.186 DST=XXX.XXX.XXX.XXX LEN=492 TOS=0x00 PREC=0x00 TTL=46 ID=0 DF PROTO=UDP SPT=43788 DPT=1028 LEN=472
Nov 11 09:04:44 firewall kernel: denylog:IN=ppp0 OUT= MAC= SRC=221.10.229.30 DST=XXX.XXX.XXX.XXX LEN=311 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=59518 DPT=1027 LEN=291
Nov 11 09:04:44 firewall kernel: denylog:IN=ppp0 OUT= MAC= SRC=221.10.229.30 DST=XXX.XXX.XXX.XXX LEN=311 TOS=0x00 PREC=0x00 TTL=47 ID=0 DF PROTO=UDP SPT=59518 DPT=1026 LEN=291
Nov 11 09:07:13 firewall kernel: denylog:IN=ppp0 OUT= MAC= SRC=221.208.208.3 DST=XXX.XXX.XXX.XXX LEN=502 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=UDP SPT=32851 DPT=1027 LEN=482
Nov 11 09:07:40 firewall kernel: denylog:IN=ppp0 OUT= MAC= SRC=84.244.1.38 DST=XXX.XXX.XXX.XXX LEN=60 TOS=0x00 PREC=0xC0 TTL=43 ID=53047 DF PROTO=TCP SPT=36855 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Nov 11 09:07:43 firewall kernel: denylog:IN=ppp0 OUT= MAC= SRC=84.244.1.38 DST=XXX.XXX.XXX.XXX LEN=60 TOS=0x00 PREC=0xC0 TTL=43 ID=53049 DF PROTO=TCP SPT=36855 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Nov 11 09:07:53 firewall kernel: denylog:IN=ppp0 OUT= MAC= SRC=191.197.203.27 DST=XXX.XXX.XXX.XXX LEN=521 TOS=0x00 PREC=0x00 TTL=55 ID=53131 PROTO=UDP SPT=0 DPT=1025 LEN=501
Nov 11 09:07:53 firewall kernel: denylog:IN=ppp0 OUT= MAC= SRC=210.122.213.164 DST=XXX.XXX.XXX.XXX LEN=816 TOS=0x00 PREC=0x00 TTL=111 ID=43493 PROTO=UDP SPT=9950 DPT=1026 LEN=796
Nov 11 09:09:45 firewall kernel: denylog:IN=ppp0 OUT= MAC= SRC=202.233.158.1 DST=XXX.XXX.XXX.XXX LEN=908 TOS=0x00 PREC=0x00 TTL=119 ID=57339 PROTO=UDP SPT=7463 DPT=1026 LEN=888

___________________________________________________________________________
Philadelphia Linux Users Group -- http://www.phillylinux.org
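
One way to summarize deny-log lines like those in the message above, as an added example that is not part of the original post: it parses the netfilter LOG key=value fields and groups denied packets by protocol and destination port. The sample lines are constructed (documentation-range addresses), and the function names are this example's own.

```python
from collections import defaultdict

# Constructed sample in the same format as the log lines in the post;
# the addresses are documentation ranges, not values from the post.
SAMPLE = """\
Nov 11 09:00:42 firewall kernel: denylog:IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=203.0.113.5 LEN=502 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=UDP SPT=33378 DPT=1026 LEN=482
Nov 11 09:02:01 firewall kernel: denylog:IN=ppp0 OUT= MAC= SRC=192.0.2.44 DST=203.0.113.5 LEN=338 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=UDP SPT=39485 DPT=1026 LEN=318
Nov 11 09:02:01 firewall kernel: denylog:IN=ppp0 OUT= MAC= SRC=192.0.2.44 DST=203.0.113.5 LEN=338 TOS=0x00 PREC=0x00 TTL=45 ID=0 DF PROTO=UDP SPT=39485 DPT=1027 LEN=318
Nov 11 09:05:00 firewall kernel: unrelated message (constructed)
Nov 11 09:07:40 firewall kernel: denylog:IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0xC0 TTL=43 ID=53047 DF PROTO=TCP SPT=36855 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
Nov 11 09:07:43 firewall kernel: denylog:IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.5 LEN=60 TOS=0x00 PREC=0xC0 TTL=43 ID=53049 DF PROTO=TCP SPT=36855 DPT=22 WINDOW=5840 RES=0x00 SYN URGP=0
"""

def parse_line(line):
    """Return a dict of netfilter LOG fields, or None if the line is not one."""
    _, sep, rest = line.partition("kernel: ")
    if not sep or "IN=" not in rest:
        return None
    rest = rest[rest.index("IN="):]       # drop the rule's log prefix ("denylog:")
    rec = {"flags": set()}
    for tok in rest.split():
        key, eq, val = tok.partition("=")
        if not eq:
            rec["flags"].add(tok)         # bare tokens such as DF, SYN, ACK
        else:
            rec.setdefault(key, val)      # LEN appears twice; keep the IP length
    return rec if "SRC" in rec and "PROTO" in rec else None

def summarize(lines):
    """Group denied packets by (protocol, destination port)."""
    groups = defaultdict(lambda: {"packets": 0, "sources": set(), "syn": 0})
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        g = groups[(rec["PROTO"], int(rec.get("DPT", 0)))]  # ICMP has no DPT
        g["packets"] += 1
        g["sources"].add(rec["SRC"])
        # A TCP SYN without ACK is a new inbound connection attempt.
        if rec["PROTO"] == "TCP" and "SYN" in rec["flags"] and "ACK" not in rec["flags"]:
            g["syn"] += 1
    return dict(groups)

if __name__ == "__main__":
    rows = sorted(summarize(SAMPLE.splitlines()).items(), key=lambda kv: -kv[1]["packets"])
    for (proto, port), g in rows:
        print(f"{proto}/{port}: {g['packets']} packets, {len(g['sources'])} sources, {g['syn']} SYN")
```

To run it over a real log, pass the file's lines to `summarize()` instead of `SAMPLE.splitlines()`.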