 From:  Lyle Giese <lyle at lcrcomputer dot net>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  logs from m0n0wall
 Date:  Mon, 08 Jun 2009 09:09:51 -0500

Having just started using m0n0wall in production, I am not used to its logging yet.  Here are two
entries that I am not used to seeing:

Jun  8 00:12:24 linuxgw ipmon[89]: 00:12:23.747547 ng0 @0:15 b 199.212.0.53 -> 209.112.71.50 PR udp len 20 (792) (frag 5152:772@1480) IN
Jun  8 00:12:24 linuxgw ipmon[89]: 00:12:23.759113 ng0 @0:15 b 199.212.0.53 -> 209.112.71.50 PR udp len 20 (792) (frag 5153:772@1480) IN


Are these because they are fragments?  199.212.0.53 seems to be a legit server run by ARIN, so I
would doubt it would be doing things that are malicious in nature.  I just don't have a good
understanding of these yet.

Any background info would be nice.

Thanks,
Lyle