[ previous ] [ next ] [ threads ]
 From:  Don Munyak <don dot munyak at gmail dot com>
 To:  Ugo Bellavance <ugob at camo dash route dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Re: stange blocked traffic
 Date:  Mon, 25 Jul 2005 13:37:53 -0400
Ugo, much appreciated. I can understand the 445. 

What's confused me is the Remote IP is almost always
{port 445 or 135}

The local IP's/ports, as reported by syslog, are any IP in the range. A few in the in others like

The point was my network is How is it that syslog is
reporting the BLOCKED traffic from my network. Is this a case of a
spoofed packet?

- Don

On 7/25/05, Ugo Bellavance <ugob at camo dash route dot com> wrote:
> Don Munyak wrote:
> > We are getting a lot of traffic BLOCKED by m0n0wall where the remote
> > IP is and the source IP is anything in,
> > ports all over the place.
> >
> > Anyone else getting these ?
> >
> > I did a whois, but all I found out was that belongs to Level3.net
> >
> > - Don
> http://www.dshield.org//port_report.php?port=445
> --
> Ugo
> -> Please don't send a copy of your reply by e-mail.  I read the list.
> -> Please avoid top-posting, long signatures and HTML, and cut the
> irrelevant parts in your replies.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch