[ previous ] [ next ] [ threads ]
 
 From:  David Elizalde <guardian653dave at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  WAN Leaks?
 Date:  Mon, 9 May 2005 21:50:01 -0400
Hello! I'm using m0n0wall as my router/firewall and a secondary
firewall on my computer. Since I installed the software firewall its
been picking up some completely random packets comming in. As of this
moment I can say I have bittorrent running, but only using one port
(Inbound NAT w/ rule). It still doesn't explain how this all gets
through....

Time:May  9 17:21:39 Direction: Inbound In:eth0 Out: Port:
Source:172.16.16.1 Destination:172.16.16.4 Length:56 TOS:0x00
Protocol:ICMP Service:Unknown
Time:May  9 18:54:52 Direction: Inbound In:eth0 Out: Port:33401
Source:128.120.161.32 Destination:172.16.16.4 Length:1500 TOS:0x00
Protocol:TCP Service:Unknown
Time:May  9 19:08:23 Direction: Inbound In:eth0 Out: Port:53
Source:24.247.24.53 Destination:172.16.16.4 Length:68 TOS:0x00
Protocol:ICMP Service:DNS
Time:May  9 19:42:11 Direction: Inbound In:eth0 Out: Port:
Source:218.47.158.120 Destination:172.16.16.4 Length:56 TOS:0x00
Protocol:ICMP Service:Unknown
Time:May  9 21:10:00 Direction: Inbound In:eth0 Out: Port:53
Source:24.247.24.53 Destination:172.16.16.4 Length:68 TOS:0x00
Protocol:ICMP Service:DNS
Time:May  9 21:18:01 Direction: Inbound In:eth0 Out: Port:34355
Source:150.101.100.74 Destination:172.16.16.4 Length:1440 TOS:0x00
Protocol:TCP Service:Unknown
Time:May  9 21:22:46 Direction: Inbound In:eth0 Out: Port:34538
Source:81.99.173.18 Destination:172.16.16.4 Length:1500 TOS:0x00
Protocol:TCP Service:Unknown
Time:May  9 21:26:44 Direction: Inbound In:eth0 Out: Port:
Source:65.77.89.49 Destination:172.16.16.4 Length:56 TOS:0x00
Protocol:ICMP Service:Unknown
Time:May  9 21:31:46 Direction: Inbound In:eth0 Out: Port:34597
Source:81.99.173.18 Destination:172.16.16.4 Length:1500 TOS:0x00
Protocol:TCP Service:Unknown
Time:May  9 21:32:13 Direction: Inbound In:eth0 Out: Port:33467
Source:67.35.92.228 Destination:172.16.16.4 Length:44 TOS:0x00
Protocol:TCP Service:Traceroute
Time:May  9 21:33:44 Direction: Inbound In:eth0 Out: Port:34597
Source:81.99.173.18 Destination:172.16.16.4 Length:1500 TOS:0x00
Protocol:TCP Service:Unknown
Time:May  9 21:34:27 Direction: Inbound In:eth0 Out: Port:53
Source:66.227.153.161 Destination:172.16.16.4 Length:56 TOS:0x00
Protocol:ICMP Service:DNS
Time:May  9 21:34:32 Direction: Inbound In:eth0 Out: Port:53
Source:24.247.239.226 Destination:172.16.16.4 Length:56 TOS:0x00
Protocol:ICMP Service:DNS

This is what is recored from the software firewall. Any ideas on how
this is getting in? For example, how did port 53 (DNS) get through to
my computer?

I'm running, 1.11

Thanks

-- 
God's in his heaven, All's right with the world