[Dshield] Firewall access

Graham Dodd g.dodd at falk-ross.de
Mon Oct 15 06:34:05 GMT 2001


Good morning all,

I posed this question last year and didn't get any response; I'm not sure if
that was a good or a bad sign!!

This is from my firewall logs showing denied connections, but how do I know
if somebody got through my firewall due to an incorrect configuration or a
security hole?

I would appreciate comments, ideas, and possible solutions.


thanks,
	Graham


Oct 13 05:52:22 gateway kernel: Packet log: input DENY eth0 PROTO=6 212.37.205.32:1382 xxx.xx.xxx.xx:21 L=44 S=0x00 I=44807 F=0x4000 T=113 SYN (#15)
Oct 13 07:37:04 gateway kernel: Packet log: input DENY eth0 PROTO=6 210.131.12.54:21 xxx.xx.xxx.xx:21 L=40 S=0x00 I=57482 F=0x0000 T=108 SYN (#15)
Oct 13 15:45:04 gateway kernel: Packet log: input DENY eth0 PROTO=6 212.5.122.11:2566 xxx.xx.xxx.xx:53 L=60 S=0x00 I=31400 F=0x4000 T=44 SYN (#15)
Oct 13 19:59:32 gateway kernel: Packet log: input DENY eth0 PROTO=6 211.114.56.1:3005 xxx.xx.xxx.xx:111 L=60 S=0x00 I=34726 F=0x4000 T=40 SYN (#15)
Oct 13 21:59:23 gateway kernel: Packet log: input DENY eth0 PROTO=6 217.136.35.4:3975 xxx.xx.xxx.xx:21 L=48 S=0x00 I=14247 F=0x4000 T=118 SYN (#15)
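
Added example, not part of the original post: a parser for the ipchains "Packet log" lines quoted above that tallies verdicts and denied destination ports and lists senders whose source port is below 1024. The names parse, summarize, SAMPLE and INT_FIELDS are assumptions made for this illustration.

```python
import re
from collections import Counter

# ipchains log line layout: chain, verdict, interface, IP protocol number,
# src ip:port, dst ip:port, L= length, S= TOS, I= IP id, F= fragment word,
# T= TTL, optional SYN marker, (#number of the rule that matched).
LINE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) (?P<src>\S+):(?P<sport>\d+) "
    r"(?P<dst>\S+):(?P<dport>\d+) L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) "
    r"I=(?P<ipid>\d+) F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)"
    r"(?P<syn> SYN)? \(#(?P<rule>\d+)\)"
)
INT_FIELDS = ("proto", "sport", "dport", "length", "ipid", "ttl", "rule")

# The five entries from the post, each rejoined onto one line.
SAMPLE = [
    "Oct 13 05:52:22 gateway kernel: Packet log: input DENY eth0 PROTO=6 212.37.205.32:1382 xxx.xx.xxx.xx:21 L=44 S=0x00 I=44807 F=0x4000 T=113 SYN (#15)",
    "Oct 13 07:37:04 gateway kernel: Packet log: input DENY eth0 PROTO=6 210.131.12.54:21 xxx.xx.xxx.xx:21 L=40 S=0x00 I=57482 F=0x0000 T=108 SYN (#15)",
    "Oct 13 15:45:04 gateway kernel: Packet log: input DENY eth0 PROTO=6 212.5.122.11:2566 xxx.xx.xxx.xx:53 L=60 S=0x00 I=31400 F=0x4000 T=44 SYN (#15)",
    "Oct 13 19:59:32 gateway kernel: Packet log: input DENY eth0 PROTO=6 211.114.56.1:3005 xxx.xx.xxx.xx:111 L=60 S=0x00 I=34726 F=0x4000 T=40 SYN (#15)",
    "Oct 13 21:59:23 gateway kernel: Packet log: input DENY eth0 PROTO=6 217.136.35.4:3975 xxx.xx.xxx.xx:21 L=48 S=0x00 I=14247 F=0x4000 T=118 SYN (#15)",
]

def parse(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in INT_FIELDS:
        rec[key] = int(rec[key])
    rec["syn"] = rec["syn"] is not None
    return rec

def summarize(lines):
    """Tally verdicts and denied destination ports; list low-source-port senders."""
    records = [r for r in map(parse, lines) if r is not None]
    # Only rules created with the ipchains -l flag write these lines, so an
    # empty ACCEPT tally proves nothing unless the accept rules log as well.
    verdicts = Counter(r["verdict"] for r in records)
    ports = Counter(r["dport"] for r in records if r["verdict"] == "DENY")
    low_sport = [r["src"] for r in records if r["sport"] < 1024]
    return verdicts, ports, low_sport

if __name__ == "__main__":
    print(summarize(SAMPLE))
```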



