 From:  Ugo Bellavance <ugob at camo dash route dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: strange blocked traffic
 Date:  Mon, 25 Jul 2005 15:12:10 -0400
Don Munyak wrote:
> Ugo, much appreciated. I can understand the 445. 
> 
> What's confused me is the Remote IP is almost always 4.152.222.239
> {port 445 or 135}
> 
> The local IPs/ports, as reported by syslog, are any IP in the
> 4.152.0.0/16 range. A few are in others, like 61.225.17.215
> ..etc 
> 
> The point was my network is 192.168.222.0/24. How is it that syslog is
> reporting the BLOCKED traffic from my network. Is this a case of a
> spoofed packet?

Please avoid top posting.

No, port 445 on Windows machines is related to Windows networking.
Sometimes there are broadcasts, and they are blocked by the firewall.

> 
> - Don
> 
> On 7/25/05, Ugo Bellavance <ugob at camo dash route dot com> wrote:
> 
>>Don Munyak wrote:
>>
>>>We are getting a lot of traffic BLOCKED by m0n0wall where the remote
>>>IP is 4.152.222.239:445 and the source IP is anything in 4.152.0.0/16,
>>>ports all over the place.
>>>
>>>Anyone else getting these ?
>>>
>>>I did a whois, but all I found out was that 4.0.0.0 belongs to Level3.net
>>>
>>>- Don
>>
>>http://www.dshield.org//port_report.php?port=445
>>
>>--
>>Ugo
>>
>>-> Please don't send a copy of your reply by e-mail.  I read the list.
>>-> Please avoid top-posting, long signatures and HTML, and cut the
>>irrelevant parts in your replies.
>>


-- 
Ugo

-> Please don't send a copy of your reply by e-mail.  I read the list.
-> Please avoid top-posting, long signatures and HTML, and cut the
irrelevant parts in your replies.