Ugo, much appreciated. I can understand the 445. 

What's confused me is the Remote IP is almost always 4.152.222.239
{port 445 or 135}

The local IP's/ports, as reported by syslog, are any IP in the
4.152.0.0/16 range. A few in the in others like 61.225.17.215
..etc 

The point was my network is 192.168.222.0/24. How is it that syslog is
reporting the BLOCKED traffic from my network. Is this a case of a
spoofed packet?

- Don

On 7/25/05, Ugo Bellavance <ugob at camo dash route dot com> wrote:
> Don Munyak wrote:
> > We are getting a lot of traffic BLOCKED by m0n0wall where the remote
> > IP is 4.152.222.239:445 and the source IP is anything in 4.152.0.0/16,
> > ports all over the place.
> >
> > Anyone else getting these ?
> >
> > I did a whois, but all I found out was that 4.0.0.0 belongs to Level3.net
> >
> > - Don
> 
> http://www.dshield.org//port_report.php?port=445
> 
> --
> Ugo
> 
> -> Please don't send a copy of your reply by e-mail.  I read the list.
> -> Please avoid top-posting, long signatures and HTML, and cut the
> irrelevant parts in your replies.
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
>