AKLUG Archive: Re: What has happened to the Open Group?

From: Fielder George Dowding <fgdowding@iceworm-enterprises.net>
Date: Fri Nov 12 2004 - 22:54:55 AKST

For Leif and all interested:

Here are extracts of my /var/log/messages file on my DSL firewall/router
box:

(head /var/log/messages)
Nov 8 08:47:11 juda syslogd 1.4.1#10: restart.
Nov 8 08:47:11 juda kernel: Shorewall:all2all:REJECT:IN=eth0 OUT=eth1 SRC=192.168.35.13 DST=192.5.6.30 LEN=59 TOS=0x00 PREC=0x00 TTL=63 ID=2717 DF PROTO=UDP SPT=21786 DPT=53 LEN=39
Nov 8 08:47:11 juda kernel: Shorewall:all2all:REJECT:IN=eth0 OUT=eth1 SRC=192.168.35.13 DST=192.54.112.30 LEN=59 TOS=0x00 PREC=0x00 TTL=63 ID=2734 DF PROTO=UDP SPT=40650 DPT=53 LEN=39
Nov 8 08:47:11 juda kernel: Shorewall:all2all:REJECT:IN=eth0 OUT=eth1 SRC=192.168.35.13 DST=192.54.112.30 LEN=68 TOS=0x00 PREC=0x00 TTL=63 ID=2734 DF PROTO=UDP SPT=37069 DPT=53 LEN=48
Nov 8 08:47:11 juda kernel: Shorewall:all2all:REJECT:IN=eth0 OUT=eth1 SRC=192.168.35.13 DST=192.41.162.30 LEN=59 TOS=0x00 PREC=0x00 TTL=63 ID=2749 DF PROTO=UDP SPT=1780 DPT=53 LEN=39
Nov 8 08:47:11 juda kernel: Shorewall:all2all:REJECT:IN=eth0 OUT=eth1 SRC=192.168.35.13 DST=192.52.178.30 LEN=67 TOS=0x00 PREC=0x00 TTL=63 ID=2749 DF PROTO=UDP SPT=9231 DPT=53 LEN=47
Nov 8 08:47:11 juda kernel: Shorewall:all2all:REJECT:IN=eth0 OUT=eth1 SRC=192.168.35.13 DST=192.54.112.30 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=2749 DF PROTO=UDP SPT=20090 DPT=53 LEN=40
Nov 8 08:47:11 juda kernel: Shorewall:all2all:REJECT:IN=eth0 OUT=eth1 SRC=192.168.35.13 DST=192.52.178.30 LEN=61 TOS=0x00 PREC=0x00 TTL=63 ID=2749 DF PROTO=UDP SPT=54676 DPT=53 LEN=41
Nov 8 08:47:11 juda kernel: Shorewall:all2all:REJECT:IN=eth0 OUT=eth1 SRC=192.168.35.13 DST=192.12.94.30 LEN=59 TOS=0x00 PREC=0x00 TTL=63 ID=2777 DF PROTO=UDP SPT=8065 DPT=53 LEN=39
Nov 8 08:47:11 juda kernel: Shorewall:all2all:REJECT:IN=eth0 OUT=eth1 SRC=192.168.35.13 DST=192.54.112.30 LEN=67 TOS=0x00 PREC=0x00 TTL=63 ID=2792 DF PROTO=UDP SPT=41224 DPT=53 LEN=47

(tail /var/log/messages)

Nov 12 22:46:57 juda kernel: Shorewall:all2all:REJECT:IN=eth0 OUT=eth1 SRC=192.168.35.2 DST=192.26.92.30 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=46550 DF PROTO=UDP SPT=4489 DPT=53 LEN=40
Nov 12 22:46:59 juda kernel: Shorewall:all2all:REJECT:IN=eth0 OUT=eth1 SRC=192.168.35.2 DST=192.52.178.30 LEN=63 TOS=0x00 PREC=0x00 TTL=63 ID=49290 DF PROTO=UDP SPT=27604 DPT=53 LEN=43
Nov 12 22:47:02 juda kernel: Shorewall:all2all:REJECT:IN=eth0 OUT=eth1 SRC=192.168.35.2 DST=192.42.93.30 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=51578 DF PROTO=UDP SPT=57130 DPT=53 LEN=40
Nov 12 22:47:03 juda kernel: Shorewall:all2all:REJECT:IN=eth0 OUT=eth1 SRC=192.168.35.2 DST=192.33.14.30 LEN=74 TOS=0x00 PREC=0x00 TTL=63 ID=52622 DF PROTO=UDP SPT=56928 DPT=53 LEN=54
Nov 12 22:47:03 juda kernel: Shorewall:all2all:REJECT:IN=eth0 OUT=eth1 SRC=192.168.35.2 DST=192.31.80.30 LEN=74 TOS=0x00 PREC=0x00 TTL=63 ID=53264 DF PROTO=UDP SPT=24627 DPT=53 LEN=54
Nov 12 22:47:05 juda kernel: Shorewall:all2all:REJECT:IN=eth0 OUT=eth1 SRC=192.168.35.2 DST=192.52.178.30 LEN=74 TOS=0x00 PREC=0x00 TTL=63 ID=55320 DF PROTO=UDP SPT=50526 DPT=53 LEN=54
Nov 12 22:47:07 juda kernel: Shorewall:all2all:REJECT:IN=eth0 OUT=eth1 SRC=192.168.35.2 DST=192.41.162.30 LEN=74 TOS=0x00 PREC=0x00 TTL=63 ID=57364 DF PROTO=UDP SPT=59505 DPT=53 LEN=54
Nov 12 22:47:08 juda kernel: Shorewall:all2all:REJECT:IN=eth0 OUT=eth1 SRC=192.168.35.2 DST=192.35.51.30 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=57573 DF PROTO=UDP SPT=2190 DPT=53 LEN=40
Nov 12 22:47:10 juda kernel: Shorewall:all2all:REJECT:IN=eth0 OUT=eth1 SRC=192.168.35.2 DST=192.35.51.30 LEN=63 TOS=0x00 PREC=0x00 TTL=63 ID=60312 DF PROTO=UDP SPT=22749 DPT=53 LEN=43
Nov 12 22:47:13 juda kernel: Shorewall:all2all:REJECT:IN=eth0 OUT=eth1 SRC=192.168.35.2 DST=192.35.51.30 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=62601 DF PROTO=UDP SPT=37711 DPT=53 LEN=40

It appears my firewall is working, but I seem to be under heavy attack.
The messages file is about 70M at the moment.

fgd.

-- 
Fielder George Dowding, Chief Iceworm        .^.   Debian/GNU Linux
dba Iceworm Enterprises, Anchorage, Alaska   /v\   "Sarge" Testing
Since 1976 - Over 25 Years of Service.      /( )\  User Number 269482
                                            ^^-^^  "Seth" 186667
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.

Received on Fri Nov 12 22:54:54 2004

This archive was generated by hypermail 2.1.8 : Fri Nov 12 2004 - 22:54:54 AKST