Weird firewall log...


Subject: Weird firewall log...
From: David J. Weller-Fahy (lists@weller-fahy.com)
Date: Thu Jan 02 2003 - 09:58:02 AKST


Looks like my Windows XP box (game box) has been playing with the
firewall... I've been over my game box about three times now looking
for a trojan, or something else that would be running which would cause
this, but haven't had any luck. I've also not been able to duplicate
the log entries with anything that I've done.

Weird thing number two: No further entries in the log from this computer
at all. Anyone know of a program that would cause these types of log
entries, or a place to look?

Firewall log follows (lines are long).

#v+
Jan 1 18:28:13 slug kernel: IN=eth0 OUT=eth0 SRC=192.168.1.10 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=47009 DF PROTO=TCP SPT=4094 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 1 18:28:16 slug kernel: IN=eth0 OUT=eth0 SRC=192.168.1.10 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=47010 DF PROTO=TCP SPT=4094 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 1 18:28:22 slug kernel: IN=eth0 OUT=eth0 SRC=192.168.1.10 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=47011 DF PROTO=TCP SPT=4094 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 1 18:28:25 slug kernel: IN=eth0 OUT=eth0 SRC=192.168.1.10 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=47016 DF PROTO=TCP SPT=4095 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 1 18:28:27 slug kernel: IN=eth0 OUT=eth0 SRC=192.168.1.10 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=47025 DF PROTO=TCP SPT=4095 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 1 18:28:33 slug kernel: IN=eth0 OUT=eth0 SRC=192.168.1.10 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=47026 DF PROTO=TCP SPT=4095 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 1 18:29:18 slug kernel: IN=eth0 OUT=eth0 SRC=192.168.1.10 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=47225 DF PROTO=TCP SPT=4097 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 1 18:29:42 slug kernel: IN=eth0 OUT=eth0 SRC=192.168.1.10 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=47270 DF PROTO=TCP SPT=4106 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 1 18:29:45 slug kernel: IN=eth0 OUT=eth0 SRC=192.168.1.10 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=47279 DF PROTO=TCP SPT=4106 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 1 18:29:51 slug kernel: IN=eth0 OUT=eth0 SRC=192.168.1.10 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=47291 DF PROTO=TCP SPT=4106 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 1 18:30:06 slug kernel: IN=eth0 OUT=eth0 SRC=192.168.1.10 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=47313 DF PROTO=TCP SPT=4108 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 1 18:30:09 slug kernel: IN=eth0 OUT=eth0 SRC=192.168.1.10 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=47316 DF PROTO=TCP SPT=4108 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 1 18:30:18 slug kernel: IN=eth0 OUT=eth0 SRC=192.168.1.10 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=47322 DF PROTO=TCP SPT=4109 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 1 18:30:21 slug kernel: IN=eth0 OUT=eth0 SRC=192.168.1.10 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=47326 DF PROTO=TCP SPT=4109 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 1 18:30:56 slug kernel: IN=eth0 OUT=eth0 SRC=192.168.1.10 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=47679 DF PROTO=TCP SPT=4111 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 1 18:30:59 slug kernel: IN=eth0 OUT=eth0 SRC=192.168.1.10 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=47680 DF PROTO=TCP SPT=4111 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
#v-

Regards,

  dave
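As an added example (not part of the post or its list), a small Python parser for iptables LOG lines like the ones above: it groups pure-SYN entries by source port and reports the gaps between repeats, which makes the three-tries-per-port pattern (3 s, then 6 s, i.e. the client stack retransmitting one connect() rather than a program opening fresh connections) and the IN=eth0/OUT=eth0 same-interface forwarding visible at a glance. The sample lines are copied from the log above; the year 2003 is an assumption, since syslog timestamps carry none.

```python
import re
from datetime import datetime

# Constructed sample: the first five lines of the log quoted in the post above.
SAMPLE_LOG = """\
Jan 1 18:28:13 slug kernel: IN=eth0 OUT=eth0 SRC=192.168.1.10 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=47009 DF PROTO=TCP SPT=4094 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 1 18:28:16 slug kernel: IN=eth0 OUT=eth0 SRC=192.168.1.10 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=47010 DF PROTO=TCP SPT=4094 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 1 18:28:22 slug kernel: IN=eth0 OUT=eth0 SRC=192.168.1.10 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=47011 DF PROTO=TCP SPT=4094 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 1 18:28:25 slug kernel: IN=eth0 OUT=eth0 SRC=192.168.1.10 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=47016 DF PROTO=TCP SPT=4095 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
Jan 1 18:28:27 slug kernel: IN=eth0 OUT=eth0 SRC=192.168.1.10 DST=192.168.1.2 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=47025 DF PROTO=TCP SPT=4095 DPT=80 WINDOW=64240 RES=0x00 SYN URGP=0
"""
LINE_RE = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(\S+)\s+kernel:\s*(.*)$")

def parse_line(line, year=2003):
    """Split an iptables LOG line into timestamp, host, KEY=VALUE fields and bare flags (year assumed: syslog has none)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    fields, flags = {}, set()
    for tok in m.group(3).split():
        if "=" in tok:
            k, v = tok.split("=", 1)
            fields[k] = v
        else:
            flags.add(tok)  # DF, SYN, ACK ... are bare words, not KEY=VALUE
    return {"ts": ts, "host": m.group(2), "fields": fields, "flags": flags}

def summarize_syn_attempts(log_text, year=2003):
    """Group pure SYNs by (SRC, SPT, DST, DPT). One source port repeating with
    growing gaps is a single connect() being retransmitted by the client stack."""
    groups = {}
    for line in log_text.splitlines():
        rec = parse_line(line, year)
        if not rec or rec["fields"].get("PROTO") != "TCP":
            continue
        if "SYN" not in rec["flags"] or "ACK" in rec["flags"]:
            continue  # keep only initial connection attempts
        f = rec["fields"]
        key = (f["SRC"], int(f["SPT"]), f["DST"], int(f["DPT"]))
        groups.setdefault(key, []).append(rec)
    out = []
    for key, recs in sorted(groups.items(), key=lambda kv: kv[1][0]["ts"]):
        first = recs[0]["fields"]
        times = [r["ts"] for r in recs]
        gaps = [int((b - a).total_seconds()) for a, b in zip(times, times[1:])]
        out.append({"src": key[0], "spt": key[1], "dst": key[2], "dpt": key[3],
                    "attempts": len(recs), "gaps": gaps,  # seconds between repeats
                    "same_iface": first.get("IN") == first.get("OUT")})  # forwarded in and out eth0
    return out
```

Running `summarize_syn_attempts(SAMPLE_LOG)` on the quoted lines yields port 4094 with three attempts at gaps of 3 and 6 seconds, and port 4095 with two attempts 2 seconds apart, both entering and leaving on the same interface.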

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.



This archive was generated by hypermail 2a23 : Thu Jan 02 2003 - 09:58:08 AKST