DoS?

TheMSsForum.com: The Microsoft Software Forum

First post here.

I've attached a snippet from my Kiwi Syslog from a customer's server.
Take a look at the times any you'll see I'm getting bombarded with
SMTP -- over 40 in half a minute, but sometimes as many as fifteen a
second -- from IP addresses in the 72.34.1xx.xxx range. I've Googled
some of them at random and the only connection is that they are all
from the same ISP in Texas. I first noticed the problem when the
Exchange server crashed. I blocked the ISP entire block at the router,
but obviously this volume of traffic is still affecting things.

Does anyone have an idea where to start with this? Any help will be
much appreciated.

Thanks,

Mark

05-10-2007 11:47:11 Local0.Warning 192.168.0.1 IP: Packet discarded
from 63.170.10.91 port 60668 to xxx.xxx.xxx.xxx port 25 (TCP)
(incorrect state) @2007-05-10-12:47:12
05-10-2007 11:47:11 Local0.Warning 192.168.0.1 IP: entry duplicated 3
times @2007-05-10-12:47:10
05-10-2007 11:47:09 Local0.Warning 192.168.0.1 IP: Packet discarded
from 63.170.10.91 port 60679 to xxx.xxx.xxx.xxx port 25 (TCP)
(incorrect state) @2007-05-10-12:47:10
05-10-2007 11:47:09 Local0.Warning 192.168.0.1 IP: Packet discarded
from 72.34.174.68 port 51646 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
rule) @2007-05-10-12:47:10
05-10-2007 11:47:08 Local0.Warning 192.168.0.1 IP: Packet discarded
from 72.34.166.120 port 44576 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
rule) @2007-05-10-12:47:09
05-10-2007 11:47:08 Local0.Warning 192.168.0.1 IP: Packet discarded
from 72.34.163.226 port 44466 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
rule) @2007-05-10-12:47:09
05-10-2007 11:47:07 Local0.Warning 192.168.0.1 IP: Packet discarded
from 72.34.169.197 port 44372 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
rule) @2007-05-10-12:47:09
05-10-2007 11:47:07 Local0.Warning 192.168.0.1 IP: Packet discarded
from 72.34.168.216 port 44319 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
rule) @2007-05-10-12:47:09
05-10-2007 11:47:07 Local0.Warning 192.168.0.1 IP: Packet discarded
from 72.34.168.170 port 44183 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
rule) @2007-05-10-12:47:09
05-10-2007 11:47:07 Local0.Warning 192.168.0.1 IP: Packet discarded
from 72.34.162.135 port 43779 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
rule) @2007-05-10-12:47:09
05-10-2007 11:47:07 Local0.Warning 192.168.0.1 IP: Packet discarded
from 72.34.164.25 port 43671 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
rule) @2007-05-10-12:47:09
05-10-2007 11:47:05 Local0.Warning 192.168.0.1 IP: Packet discarded
from 72.34.166.120 port 44576 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
rule) @2007-05-10-12:47:06
05-10-2007 11:47:05 Local0.Warning 192.168.0.1 IP: Packet discarded
from 72.34.163.226 port 44466 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
rule) @2007-05-10-12:47:06
05-10-2007 11:47:05 Local0.Warning 192.168.0.1 IP: Packet discarded
from 72.34.169.197 port 44372 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
rule) @2007-05-10-12:47:06
05-10-2007 11:47:05 Local0.Warning 192.168.0.1 IP: Packet discarded
from 72.34.168.216 port 44319 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
rule) @2007-05-10-12:47:06
05-10-2007 11:47:05 Local0.Warning 192.168.0.1 IP: Packet discarded
from 72.34.168.170 port 44183 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
rule) @2007-05-10-12:47:06
05-10-2007 11:47:05 Local0.Warning 192.168.0.1 IP: Packet discarded
from 72.34.162.135 port 43779 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
rule) @2007-05-10-12:47:06
05-10-2007 11:47:05 Local0.Warning 192.168.0.1 IP: Packet discarded
from 72.34.164.25 port 43671 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
rule) @2007-05-10-12:47:06
05-10-2007 11:47:01 Local0.Warning 192.168.0.1 IP: Packet discarded
from 72.34.165.187 port 52717 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
rule) @2007-05-10-12:47:03
05-10-2007 11:46:57 Local0.Info 192.168.0.1 IP: Packet allowed from
130.13.100.122 port 2492 to xxx.xxx.xxx.xxx port 443 (TCP)(allow by
HTTPS) @2007-05-10-12:46:59
05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
from 72.34.166.70 port 42172 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
rule) @2007-05-10-12:46:54
05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
from 72.34.163.240 port 41907 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
rule) @2007-05-10-12:46:54
05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
from 72.34.169.108 port 50974 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
rule) @2007-05-10-12:46:54
05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
from 72.34.166.133 port 50915 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
rule) @2007-05-10-12:46:54
05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
from 72.34.169.202 port 42518 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
rule) @2007-05-10-12:46:54
05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
from 72.34.168.223 port 42407 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
rule) @2007-05-10-12:46:54
05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
from 72.34.168.178 port 42107 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
rule) @2007-05-10-12:46:54
05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
from 219.148.119.6 port 6000 to xxx.xxx.xxx.xxx port 7212 (TCP)(no NAT
port) @2007-05-10-12:46:54
05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
from 72.34.167.199 port 50697 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
rule) @2007-05-10-12:46:54
05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
from 72.34.162.151 port 41557 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
rule) @2007-05-10-12:46:54
05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
from 72.34.164.35 port 41449 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
rule) @2007-05-10-12:46:54
05-10-2007 11:46:51 Local0.Info 192.168.0.1 IP: Packet allowed from
63.170.10.91 port 60995 to xxx.xxx.xxx.xxx port 25 (TCP)(allow by
SMTP) @2007-05-10-12:46:53
05-10-2007 11:46:50 Local0.Warning 192.168.0.1 IP: Packet discarded
from 72.34.175.8 port 48881 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
rule) @2007-05-10-12:46:51
05-10-2007 11:46:49 Local0.Warning 192.168.0.1 IP: Packet discarded
from 72.34.165.187 port 52717 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
rule) @2007-05-10-12:46:51
05-10-2007 11:46:49 Local0.Warning 192.168.0.1 IP: Packet discarded
from 192.168.0.21 port 1805 to 62.231.74.10 port 6667 (TCP)(outbound
rule) @2007-05-10-12:46:50
05-10-2007 11:46:45 Local0.Info 192.168.0.1 IP: Packet allowed from
63.170.10.91 port 60820 to xxx.xxx.xxx.xxx port 25 (TCP)(allow by
SMTP) @2007-05-10-12:46:47
05-10-2007 11:46:45 Local0.Info 192.168.0.1 IP: Packet allowed from
63.170.10.91 port 60819 to xxx.xxx.xxx.xxx port 25 (TCP)(allow by
SMTP) @2007-05-10-12:46:47
05-10-2007 11:46:44 Local0.Info 192.168.0.1 IP: Packet allowed from
63.170.10.91 port 60779 to xxx.xxx.xxx.xxx port 25 (TCP)(allow by
SMTP) @2007-05-10-12:46:45
05-10-2007 11:46:44 Local0.Warning 192.168.0.1 IP: Packet discarded
from 72.34.165.187 port 52717 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
rule) @2007-05-10-12:46:45
05-10-2007 11:46:43 Local0.Warning 192.168.0.1 IP: Packet discarded
from 192.168.0.21 port 1805 to 62.231.74.10 port 6667 (TCP)(outbound
rule) @2007-05-10-12:46:44
Top

Re: DoS? by Tom

Tom
Thu May 10 15:06:42 CDT 2007

You need to contact that ISP in texas with evidence from your logs so they
can stop it. In the meantime, all you can do is to block it in the
firewall.

<muce@jaguarot.com> wrote in message
news:1178823687.280119.138420@u30g2000hsc.googlegroups.com...
| First post here.
|
| I've attached a snippet from my Kiwi Syslog from a customer's server.
| Take a look at the times any you'll see I'm getting bombarded with
| SMTP -- over 40 in half a minute, but sometimes as many as fifteen a
| second -- from IP addresses in the 72.34.1xx.xxx range. I've Googled
| some of them at random and the only connection is that they are all
| from the same ISP in Texas. I first noticed the problem when the
| Exchange server crashed. I blocked the ISP entire block at the router,
| but obviously this volume of traffic is still affecting things.
|
| Does anyone have an idea where to start with this? Any help will be
| much appreciated.
|
| Thanks,
|
| Mark
|
| 05-10-2007 11:47:11 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 63.170.10.91 port 60668 to xxx.xxx.xxx.xxx port 25 (TCP)
| (incorrect state) @2007-05-10-12:47:12
| 05-10-2007 11:47:11 Local0.Warning 192.168.0.1 IP: entry duplicated 3
| times @2007-05-10-12:47:10
| 05-10-2007 11:47:09 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 63.170.10.91 port 60679 to xxx.xxx.xxx.xxx port 25 (TCP)
| (incorrect state) @2007-05-10-12:47:10
| 05-10-2007 11:47:09 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 72.34.174.68 port 51646 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
| rule) @2007-05-10-12:47:10
| 05-10-2007 11:47:08 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 72.34.166.120 port 44576 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
| rule) @2007-05-10-12:47:09
| 05-10-2007 11:47:08 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 72.34.163.226 port 44466 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
| rule) @2007-05-10-12:47:09
| 05-10-2007 11:47:07 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 72.34.169.197 port 44372 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
| rule) @2007-05-10-12:47:09
| 05-10-2007 11:47:07 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 72.34.168.216 port 44319 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
| rule) @2007-05-10-12:47:09
| 05-10-2007 11:47:07 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 72.34.168.170 port 44183 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
| rule) @2007-05-10-12:47:09
| 05-10-2007 11:47:07 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 72.34.162.135 port 43779 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
| rule) @2007-05-10-12:47:09
| 05-10-2007 11:47:07 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 72.34.164.25 port 43671 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
| rule) @2007-05-10-12:47:09
| 05-10-2007 11:47:05 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 72.34.166.120 port 44576 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
| rule) @2007-05-10-12:47:06
| 05-10-2007 11:47:05 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 72.34.163.226 port 44466 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
| rule) @2007-05-10-12:47:06
| 05-10-2007 11:47:05 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 72.34.169.197 port 44372 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
| rule) @2007-05-10-12:47:06
| 05-10-2007 11:47:05 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 72.34.168.216 port 44319 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
| rule) @2007-05-10-12:47:06
| 05-10-2007 11:47:05 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 72.34.168.170 port 44183 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
| rule) @2007-05-10-12:47:06
| 05-10-2007 11:47:05 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 72.34.162.135 port 43779 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
| rule) @2007-05-10-12:47:06
| 05-10-2007 11:47:05 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 72.34.164.25 port 43671 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
| rule) @2007-05-10-12:47:06
| 05-10-2007 11:47:01 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 72.34.165.187 port 52717 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
| rule) @2007-05-10-12:47:03
| 05-10-2007 11:46:57 Local0.Info 192.168.0.1 IP: Packet allowed from
| 130.13.100.122 port 2492 to xxx.xxx.xxx.xxx port 443 (TCP)(allow by
| HTTPS) @2007-05-10-12:46:59
| 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 72.34.166.70 port 42172 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
| rule) @2007-05-10-12:46:54
| 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 72.34.163.240 port 41907 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
| rule) @2007-05-10-12:46:54
| 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 72.34.169.108 port 50974 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
| rule) @2007-05-10-12:46:54
| 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 72.34.166.133 port 50915 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
| rule) @2007-05-10-12:46:54
| 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 72.34.169.202 port 42518 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
| rule) @2007-05-10-12:46:54
| 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 72.34.168.223 port 42407 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
| rule) @2007-05-10-12:46:54
| 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 72.34.168.178 port 42107 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
| rule) @2007-05-10-12:46:54
| 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 219.148.119.6 port 6000 to xxx.xxx.xxx.xxx port 7212 (TCP)(no NAT
| port) @2007-05-10-12:46:54
| 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 72.34.167.199 port 50697 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
| rule) @2007-05-10-12:46:54
| 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 72.34.162.151 port 41557 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
| rule) @2007-05-10-12:46:54
| 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 72.34.164.35 port 41449 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
| rule) @2007-05-10-12:46:54
| 05-10-2007 11:46:51 Local0.Info 192.168.0.1 IP: Packet allowed from
| 63.170.10.91 port 60995 to xxx.xxx.xxx.xxx port 25 (TCP)(allow by
| SMTP) @2007-05-10-12:46:53
| 05-10-2007 11:46:50 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 72.34.175.8 port 48881 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
| rule) @2007-05-10-12:46:51
| 05-10-2007 11:46:49 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 72.34.165.187 port 52717 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
| rule) @2007-05-10-12:46:51
| 05-10-2007 11:46:49 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 192.168.0.21 port 1805 to 62.231.74.10 port 6667 (TCP)(outbound
| rule) @2007-05-10-12:46:50
| 05-10-2007 11:46:45 Local0.Info 192.168.0.1 IP: Packet allowed from
| 63.170.10.91 port 60820 to xxx.xxx.xxx.xxx port 25 (TCP)(allow by
| SMTP) @2007-05-10-12:46:47
| 05-10-2007 11:46:45 Local0.Info 192.168.0.1 IP: Packet allowed from
| 63.170.10.91 port 60819 to xxx.xxx.xxx.xxx port 25 (TCP)(allow by
| SMTP) @2007-05-10-12:46:47
| 05-10-2007 11:46:44 Local0.Info 192.168.0.1 IP: Packet allowed from
| 63.170.10.91 port 60779 to xxx.xxx.xxx.xxx port 25 (TCP)(allow by
| SMTP) @2007-05-10-12:46:45
| 05-10-2007 11:46:44 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 72.34.165.187 port 52717 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
| rule) @2007-05-10-12:46:45
| 05-10-2007 11:46:43 Local0.Warning 192.168.0.1 IP: Packet discarded
| from 192.168.0.21 port 1805 to 62.231.74.10 port 6667 (TCP)(outbound
| rule) @2007-05-10-12:46:44
|


Top

Re: DoS? by Lloyd

Lloyd
Wed May 30 14:09:04 CDT 2007

All minor stuff! The gov has the technology to hack your PC through the
power outlet, ham radio, microwave, break-and-enter to place a microchip in
your USB or other ports which will send and receive data. All your
anti-virus, anti-spyware, trojans, keylogger, etc. are useless! Hijack this
will find nothing! The A-V or other techs may take control of your PC but
they will be frustrated in their efforts by the previous resident on your
PC. It happened to me and could happen to you. If you're in Canada, the
Canadian Security Agency or the R.C.M.P. will have access to the same
technology to keep watch on you. Check out
http://www.tagmeme.com/exmachina/a/000122.html for one woman'e experience
and she is much more proficient than I! The gov knew in advance that 9/11
was going to happen and allowed it so as to be able to remove your civil
liberties and institute Homeland Security. Microsoft probably made a deal
with the gov (so that Microsoft's software has vulnerabilities which allow
the gov's hackers access. Use Linux and other open software. Not that that
is going to save your ass from microwave, ham radio and other intrusions)
which let them off the hook in the lawsuit with Napster. The judge in that
case recommended that the Justice Dept. go straight to the Supreme Court but
the fix was in. Microsoft's lawyers came from the same law firm as one or
some (I forgot which) as those on the Appeals Court. So. draw your own
conclusions! The press reported how Bush sat in a classroom doing nothing
after hearing that 9/11 had occurred. He knew but what the fuck could the
puppet Prez do? The Supremes had their reasons for giving Bush the
Presidence. O'Connor, for one, expressed her preference for the election of
Bush. You may boast about how much memory your PC and/or hard disk mat have.
Fool, the gov is working towards zetabytes. They can monitor any telephone
of=r PC in the world! Wgat can you about it? As an individual, little! As
the taxpayers whose dollars pay for this intrusion, together you can make a
difference. Pass the word and get PC users worldwide to flood their websites
every day, every hour, every minute, every second. They could stop an
individual but not the world!

"Tom Willett" <tompepper@mvps.invalid> wrote in message
news:ek6FB7zkHHA.4676@TK2MSFTNGP02.phx.gbl...
> You need to contact that ISP in texas with evidence from your logs so they
> can stop it. In the meantime, all you can do is to block it in the
> firewall.
>
> <muce@jaguarot.com> wrote in message
> news:1178823687.280119.138420@u30g2000hsc.googlegroups.com...
> | First post here.
> |
> | I've attached a snippet from my Kiwi Syslog from a customer's server.
> | Take a look at the times any you'll see I'm getting bombarded with
> | SMTP -- over 40 in half a minute, but sometimes as many as fifteen a
> | second -- from IP addresses in the 72.34.1xx.xxx range. I've Googled
> | some of them at random and the only connection is that they are all
> | from the same ISP in Texas. I first noticed the problem when the
> | Exchange server crashed. I blocked the ISP entire block at the router,
> | but obviously this volume of traffic is still affecting things.
> |
> | Does anyone have an idea where to start with this? Any help will be
> | much appreciated.
> |
> | Thanks,
> |
> | Mark
> |
> | 05-10-2007 11:47:11 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 63.170.10.91 port 60668 to xxx.xxx.xxx.xxx port 25 (TCP)
> | (incorrect state) @2007-05-10-12:47:12
> | 05-10-2007 11:47:11 Local0.Warning 192.168.0.1 IP: entry duplicated 3
> | times @2007-05-10-12:47:10
> | 05-10-2007 11:47:09 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 63.170.10.91 port 60679 to xxx.xxx.xxx.xxx port 25 (TCP)
> | (incorrect state) @2007-05-10-12:47:10
> | 05-10-2007 11:47:09 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 72.34.174.68 port 51646 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
> | rule) @2007-05-10-12:47:10
> | 05-10-2007 11:47:08 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 72.34.166.120 port 44576 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
> | rule) @2007-05-10-12:47:09
> | 05-10-2007 11:47:08 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 72.34.163.226 port 44466 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
> | rule) @2007-05-10-12:47:09
> | 05-10-2007 11:47:07 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 72.34.169.197 port 44372 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
> | rule) @2007-05-10-12:47:09
> | 05-10-2007 11:47:07 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 72.34.168.216 port 44319 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
> | rule) @2007-05-10-12:47:09
> | 05-10-2007 11:47:07 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 72.34.168.170 port 44183 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
> | rule) @2007-05-10-12:47:09
> | 05-10-2007 11:47:07 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 72.34.162.135 port 43779 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
> | rule) @2007-05-10-12:47:09
> | 05-10-2007 11:47:07 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 72.34.164.25 port 43671 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
> | rule) @2007-05-10-12:47:09
> | 05-10-2007 11:47:05 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 72.34.166.120 port 44576 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
> | rule) @2007-05-10-12:47:06
> | 05-10-2007 11:47:05 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 72.34.163.226 port 44466 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
> | rule) @2007-05-10-12:47:06
> | 05-10-2007 11:47:05 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 72.34.169.197 port 44372 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
> | rule) @2007-05-10-12:47:06
> | 05-10-2007 11:47:05 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 72.34.168.216 port 44319 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
> | rule) @2007-05-10-12:47:06
> | 05-10-2007 11:47:05 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 72.34.168.170 port 44183 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
> | rule) @2007-05-10-12:47:06
> | 05-10-2007 11:47:05 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 72.34.162.135 port 43779 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
> | rule) @2007-05-10-12:47:06
> | 05-10-2007 11:47:05 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 72.34.164.25 port 43671 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
> | rule) @2007-05-10-12:47:06
> | 05-10-2007 11:47:01 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 72.34.165.187 port 52717 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
> | rule) @2007-05-10-12:47:03
> | 05-10-2007 11:46:57 Local0.Info 192.168.0.1 IP: Packet allowed from
> | 130.13.100.122 port 2492 to xxx.xxx.xxx.xxx port 443 (TCP)(allow by
> | HTTPS) @2007-05-10-12:46:59
> | 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 72.34.166.70 port 42172 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
> | rule) @2007-05-10-12:46:54
> | 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 72.34.163.240 port 41907 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
> | rule) @2007-05-10-12:46:54
> | 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 72.34.169.108 port 50974 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
> | rule) @2007-05-10-12:46:54
> | 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 72.34.166.133 port 50915 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
> | rule) @2007-05-10-12:46:54
> | 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 72.34.169.202 port 42518 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
> | rule) @2007-05-10-12:46:54
> | 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 72.34.168.223 port 42407 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
> | rule) @2007-05-10-12:46:54
> | 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 72.34.168.178 port 42107 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
> | rule) @2007-05-10-12:46:54
> | 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 219.148.119.6 port 6000 to xxx.xxx.xxx.xxx port 7212 (TCP)(no NAT
> | port) @2007-05-10-12:46:54
> | 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 72.34.167.199 port 50697 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
> | rule) @2007-05-10-12:46:54
> | 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 72.34.162.151 port 41557 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
> | rule) @2007-05-10-12:46:54
> | 05-10-2007 11:46:52 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 72.34.164.35 port 41449 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
> | rule) @2007-05-10-12:46:54
> | 05-10-2007 11:46:51 Local0.Info 192.168.0.1 IP: Packet allowed from
> | 63.170.10.91 port 60995 to xxx.xxx.xxx.xxx port 25 (TCP)(allow by
> | SMTP) @2007-05-10-12:46:53
> | 05-10-2007 11:46:50 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 72.34.175.8 port 48881 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
> | rule) @2007-05-10-12:46:51
> | 05-10-2007 11:46:49 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 72.34.165.187 port 52717 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
> | rule) @2007-05-10-12:46:51
> | 05-10-2007 11:46:49 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 192.168.0.21 port 1805 to 62.231.74.10 port 6667 (TCP)(outbound
> | rule) @2007-05-10-12:46:50
> | 05-10-2007 11:46:45 Local0.Info 192.168.0.1 IP: Packet allowed from
> | 63.170.10.91 port 60820 to xxx.xxx.xxx.xxx port 25 (TCP)(allow by
> | SMTP) @2007-05-10-12:46:47
> | 05-10-2007 11:46:45 Local0.Info 192.168.0.1 IP: Packet allowed from
> | 63.170.10.91 port 60819 to xxx.xxx.xxx.xxx port 25 (TCP)(allow by
> | SMTP) @2007-05-10-12:46:47
> | 05-10-2007 11:46:44 Local0.Info 192.168.0.1 IP: Packet allowed from
> | 63.170.10.91 port 60779 to xxx.xxx.xxx.xxx port 25 (TCP)(allow by
> | SMTP) @2007-05-10-12:46:45
> | 05-10-2007 11:46:44 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 72.34.165.187 port 52717 to xxx.xxx.xxx.xxx port 25 (TCP)(discard
> | rule) @2007-05-10-12:46:45
> | 05-10-2007 11:46:43 Local0.Warning 192.168.0.1 IP: Packet discarded
> | from 192.168.0.21 port 1805 to 62.231.74.10 port 6667 (TCP)(outbound
> | rule) @2007-05-10-12:46:44
> |
>
>


Top