|
||||||||
Don Munyak wrote: > Ugo, much appreciated. I can understand the 445. > > What's confused me is the Remote IP is almost always 4.152.222.239 > {port 445 or 135} > > The local IP's/ports, as reported by syslog, are any IP in the > 4.152.0.0/16 range. A few in the in others like 61.225.17.215 > ..etc > > The point was my network is 192.168.222.0/24. How is it that syslog is > reporting the BLOCKED traffic from my network. Is this a case of a > spoofed packet? Please avoid top posting. No, port 445 for windows machine is related to windows networking. Sometimes there are broadcasts and are blocked by firewall. > > - Don > > On 7/25/05, Ugo Bellavance <ugob at camo dash route dot com> wrote: > >>Don Munyak wrote: >> >>>We are getting a lot of traffic BLOCKED by m0n0wall where the remote >>>IP is 4.152.222.239:445 and the source IP is anything in 4.152.0.0/16, >>>ports all over the place. >>> >>>Anyone else getting these ? >>> >>>I did a whois, but all I found out was that 4.0.0.0 belongs to Level3.net >>> >>>- Don >> >>http://www.dshield.org//port_report.php?port=445 >> >>-- >>Ugo >> >>-> Please don't send a copy of your reply by e-mail. I read the list. >>-> Please avoid top-posting, long signatures and HTML, and cut the >>irrelevant parts in your replies. >> >> >>--------------------------------------------------------------------- >>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch >>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch >> >> -- Ugo -> Please don't send a copy of your reply by e-mail. I read the list. -> Please avoid top-posting, long signatures and HTML, and cut the irrelevant parts in your replies. |