[plug] Firewall logs

Nathan Alberti macro at nathan.linux-dude.net
Sun Dec 23 22:20:31 WST 2001


Is there a recent DNS exploit I am unaware of?

Or is there something I am missing...

8<------
Dec 23 21:34:04 mcns179 kernel: gShield (closed port drop) IN=eth0 OUT=
MAC=00:01:02:94:9b:62:00:30:94:9c:6e:8c:08:00 SRC=216.33.35.214
DST=202.156.220.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=0 PROTO=TCP
SPT=12100 DPT=53 WINDOW=4128 RES=0x00 ACK SYN URGP=0
Dec 23 21:34:04 mcns179 kernel: gShield (closed port drop) IN=eth0 OUT=
MAC=00:01:02:94:9b:62:00:30:94:9c:6e:8c:08:00 SRC=129.250.244.10
DST=202.156.220.179 LEN=44 TOS=0x00 PREC=0x00 TTL=242 ID=0 PROTO=TCP
SPT=14369 DPT=53 WINDOW=4128 RES=0x00 ACK SYN URGP=0
Dec 23 21:34:04 mcns179 kernel: gShield (closed port drop) IN=eth0 OUT=
MAC=00:01:02:94:9b:62:00:30:94:9c:6e:8c:08:00 SRC=128.121.10.90
DST=202.156.220.179 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=0 PROTO=TCP
SPT=32704 DPT=53 WINDOW=4128 RES=0x00 ACK SYN URGP=0
Dec 23 21:34:04 mcns179 kernel: gShield (closed port drop) IN=eth0 OUT=
MAC=00:01:02:94:9b:62:00:30:94:9c:6e:8c:08:00 SRC=194.213.64.150
DST=202.156.220.179 LEN=44 TOS=0x00 PREC=0x00 TTL=234 ID=0 PROTO=TCP
SPT=41515 DPT=53 WINDOW=4128 RES=0x00 ACK SYN URGP=0
Dec 23 21:34:04 mcns179 kernel: gShield (closed port drop) IN=eth0 OUT=
MAC=00:01:02:94:9b:62:00:30:94:9c:6e:8c:08:00 SRC=212.78.160.237
DST=202.156.220.179 LEN=44 TOS=0x00 PREC=0x00 TTL=238 ID=0 PROTO=TCP
SPT=28001 DPT=53 WINDOW=4128 RES=0x00 ACK SYN URGP=0
Dec 23 21:34:04 mcns179 kernel: gShield (closed port drop) IN=eth0 OUT=
MAC=00:01:02:94:9b:62:00:30:94:9c:6e:8c:08:00 SRC=62.26.119.34
DST=202.156.220.179 LEN=44 TOS=0x00 PREC=0x00 TTL=241 ID=0 PROTO=TCP
SPT=22821 DPT=53 WINDOW=4128 RES=0x00 ACK SYN URGP=0
Dec 23 21:34:04 mcns179 kernel: gShield (closed port drop) IN=eth0 OUT=
MAC=00:01:02:94:9b:62:00:30:94:9c:6e:8c:08:00 SRC=62.23.80.2
DST=202.156.220.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=0 PROTO=TCP
SPT=44886 DPT=53 WINDOW=4128 RES=0x00 ACK SYN URGP=0
Dec 23 21:34:04 mcns179 kernel: gShield (closed port drop) IN=eth0 OUT=
MAC=00:01:02:94:9b:62:00:30:94:9c:6e:8c:08:00 SRC=203.194.166.182
DST=202.156.220.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=0 PROTO=TCP
SPT=57128 DPT=53 WINDOW=4128 RES=0x00 ACK SYN URGP=0
Dec 23 21:34:04 mcns179 kernel: gShield (closed port drop) IN=eth0 OUT=
MAC=00:01:02:94:9b:62:00:30:94:9c:6e:8c:08:00 SRC=202.139.133.129
DST=202.156.220.179 LEN=44 TOS=0x00 PREC=0x00 TTL=240 ID=0 PROTO=TCP
SPT=25589 DPT=53 WINDOW=4128 RES=0x00 ACK SYN URGP=0
Dec 23 21:34:05 mcns179 kernel: gShield (closed port drop) IN=eth0 OUT=
MAC=00:01:02:94:9b:62:00:30:94:9c:6e:8c:08:00 SRC=203.194.166.182
DST=202.156.220.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=0 PROTO=TCP
SPT=57069 DPT=53 WINDOW=4128 RES=0x00 ACK SYN URGP=0
---------------->8
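
Added example, not part of the original post: a small Python triage script for netfilter LOG entries like the ones quoted above. It re-joins the mail-wrapped lines and tallies TCP flags, destination ports and source addresses. The names parse_entries and summarize are hypothetical, and SAMPLE holds two entries copied from the post.

```python
import re
from collections import Counter

# Two entries copied from the post, still wrapped across lines by the mailer.
SAMPLE = """\
Dec 23 21:34:04 mcns179 kernel: gShield (closed port drop) IN=eth0 OUT=
MAC=00:01:02:94:9b:62:00:30:94:9c:6e:8c:08:00 SRC=216.33.35.214
DST=202.156.220.179 LEN=44 TOS=0x00 PREC=0x00 TTL=237 ID=0 PROTO=TCP
SPT=12100 DPT=53 WINDOW=4128 RES=0x00 ACK SYN URGP=0
Dec 23 21:34:05 mcns179 kernel: gShield (closed port drop) IN=eth0 OUT=
MAC=00:01:02:94:9b:62:00:30:94:9c:6e:8c:08:00 SRC=203.194.166.182
DST=202.156.220.179 LEN=44 TOS=0x00 PREC=0x00 TTL=239 ID=0 PROTO=TCP
SPT=57069 DPT=53 WINDOW=4128 RES=0x00 ACK SYN URGP=0
"""

ENTRY_START = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d \S+ kernel: ")
KEYVAL = re.compile(r"\b([A-Z]+)=(\S*)")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}

def parse_entries(text):
    """Re-join wrapped lines, then return one dict per netfilter LOG entry."""
    joined = []
    for line in text.splitlines():
        if ENTRY_START.match(line):          # syslog timestamp starts an entry
            joined.append(line.strip())
        elif joined and line.strip():        # continuation of the previous one
            joined[-1] += " " + line.strip()
    entries = []
    for raw in joined:
        fields = dict(KEYVAL.findall(raw))   # IN, OUT, MAC, SRC, DST, SPT, DPT...
        # TCP flags are logged as bare words after the RES= field.
        tail = raw.split("RES=", 1)[-1].split()
        fields["FLAGS"] = frozenset(t for t in tail if t in TCP_FLAGS)
        entries.append(fields)
    return entries

def summarize(entries):
    """Tally what a reviewer checks first: flag set, ports, source spread."""
    return {
        "entries": len(entries),
        "flags": Counter("+".join(sorted(e["FLAGS"])) for e in entries),
        "dst_ports": Counter(e.get("DPT") for e in entries),
        "sources": Counter(e.get("SRC") for e in entries),
        # SYN+ACK is handshake step two, normally a reply to the host's own SYN.
        "synack_only": all(e["FLAGS"] == {"SYN", "ACK"} for e in entries),
    }

if __name__ == "__main__":
    print(summarize(parse_entries(SAMPLE)))
```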