[Dshield] Weird Zone alarm logs...

Quibell, Marc Marc.Quibell at icn.state.ia.us
Thu Oct 25 18:03:09 GMT 2001


Er....normal traffic?

Marc Quibell
ICN Network Operations Center
Data Operations Group
noc at icn.state.ia.us
1-800-572-3940



-----Original Message-----
From: Chris Murray [mailto:cmurray at apeman.org]
Sent: Thursday, October 25, 2001 12:28 PM
To: dshield at dshield.org
Subject: [Dshield] Weird Zone alarm logs...


One of my users at work has sent me this log snippet. His workstation is
on a totally different network than that of x.x.x.0/24. The block he is on
also routes out from a totally different carrier than x.x.x.0/24.

He is using the Zone Alarm personal firewall. Note that the destination
port is not always 80.

Any thoughts on what this might be?


FWROUTE,2001/10/23,14:31:53 -7:00 GMT,208.181.163.72:1930,x.x.x.229:80,TCP (flags:S)
FWROUTE,2001/10/23,14:36:44 -7:00 GMT,208.181.163.72:3388,x.x.x.231:80,TCP (flags:S)
FWROUTE,2001/10/23,14:37:51 -7:00 GMT,208.181.163.72:2592,x.x.x.235:80,TCP (flags:S)
FWROUTE,2001/10/23,14:39:19 -7:00 GMT,208.181.163.72:2605,x.x.x.226:80,TCP (flags:S)
FWROUTE,2001/10/23,14:43:42 -7:00 GMT,208.61.122.130:4059,x.x.x.227:80,TCP (flags:S)
FWROUTE,2001/10/23,14:55:44 -7:00 GMT,208.180.8.148:2250,x.x.x.230:80,TCP (flags:S)
FWROUTE,2001/10/23,14:57:10 -7:00 GMT,208.181.163.72:4468,x.x.x.228:80,TCP (flags:S)
FWROUTE,2001/10/23,14:58:30 -7:00 GMT,208.181.163.72:4205,x.x.x.236:80,TCP (flags:S)
FWROUTE,2001/10/23,15:02:57 -7:00 GMT,208.181.136.56:4380,x.x.x.237:80,TCP (flags:S)
FWROUTE,2001/10/23,15:07:55 -7:00 GMT,208.165.228.69:4431,x.x.x.228:80,TCP (flags:S)
FWROUTE,2001/10/23,15:08:04 -7:00 GMT,208.181.163.72:2723,x.x.x.239:80,TCP (flags:S)
FWROUTE,2001/10/23,15:11:48 -7:00 GMT,208.181.136.30:3393,x.x.x.234:80,TCP (flags:S)
FWROUTE,2001/10/23,15:12:14 -7:00 GMT,208.181.163.72:2619,x.x.x.228:80,TCP (flags:S)
FWROUTE,2001/10/23,15:23:25 -7:00 GMT,208.181.163.72:1883,x.x.x.225:80,TCP (flags:S)
FWROUTE,2001/10/23,15:24:15 -7:00 GMT,208.181.163.72:4159,x.x.x.224:80,TCP (flags:S)
FWROUTE,2001/10/23,15:26:13 -7:00 GMT,208.181.163.72:1705,x.x.x.224:80,TCP (flags:S)
FWROUTE,2001/10/23,15:30:25 -7:00 GMT,208.181.163.72:1609,x.x.x.236:80,TCP (flags:S)
FWROUTE,2001/10/23,15:30:52 -7:00 GMT,208.181.163.72:2815,x.x.x.225:80,TCP (flags:S)
FWROUTE,2001/10/23,15:33:37 -7:00 GMT,208.181.163.72:2722,x.x.x.224:80,TCP (flags:S)
FWROUTE,2001/10/23,15:38:58 -7:00 GMT,208.181.163.72:1755,x.x.x.237:80,TCP (flags:S)
FWROUTE,2001/10/23,15:42:46 -7:00 GMT,208.181.163.72:3963,x.x.x.238:80,TCP (flags:S)
FWROUTE,2001/10/23,15:50:55 -7:00 GMT,208.181.163.72:2516,x.x.x.231:80,TCP (flags:S)
FWROUTE,2001/10/23,15:53:27 -7:00 GMT,208.181.163.72:1646,x.x.x.226:80,TCP (flags:S)
FWROUTE,2001/10/23,16:04:01 -7:00 GMT,208.181.163.72:3058,x.x.x.231:80,TCP (flags:S)
FWROUTE,2001/10/23,16:08:50 -7:00 GMT,208.181.163.72:4262,x.x.x.235:80,TCP (flags:S)
FWROUTE,2001/10/23,16:16:56 -7:00 GMT,208.165.228.69:4296,x.x.x.226:80,TCP (flags:S)
FWROUTE,2001/10/23,16:17:05 -7:00 GMT,65.203.157.146:80,x.x.x.237:1240,TCP (flags:AS)
FWROUTE,2001/10/23,16:20:30 -7:00 GMT,65.203.157.138:80,x.x.x.236:1236,TCP (flags:AS)
FWROUTE,2001/10/23,16:24:36 -7:00 GMT,208.181.163.72:3780,x.x.x.228:80,TCP (flags:S)
FWROUTE,2001/10/23,16:24:46 -7:00 GMT,208.181.163.72:4205,x.x.x.231:80,TCP (flags:S)
FWROUTE,2001/10/23,16:24:53 -7:00 GMT,208.181.163.72:4505,x.x.x.233:80,TCP (flags:S)
FWROUTE,2001/10/23,16:33:49 -7:00 GMT,208.181.163.72:4775,x.x.x.224:80,TCP (flags:S)
FWROUTE,2001/10/23,16:34:09 -7:00 GMT,208.181.163.72:1900,x.x.x.231:80,TCP (flags:S)
FWROUTE,2001/10/23,16:39:53 -7:00 GMT,208.181.163.72:4858,x.x.x.234:80,TCP (flags:S)

Thanks!
- Chris

--
Chris Murray                   /"\   
cmurray at apeman.org             \ /     ASCII RIBBON CAMPAIGN
http://apeman.org/              X        AGAINST HTML MAIL 
Cell: 604.861.8307             / \/
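
A triage sketch for logs in the format quoted above, added here as an example and not part of either poster's message: it rejoins mail-wrapped records and summarizes, per source address, how many events were logged, how many distinct destinations were touched, and which flag and destination-port combinations appeared (separating SYNs to port 80 from the SYN+ACK records whose destination port is not 80). The sample addresses are constructed documentation-range placeholders, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the ZoneAlarm format quoted above; addresses are
# documentation-range placeholders, not values from the post.
SAMPLE = """\
FWROUTE,2001/10/23,14:31:53 -7:00 GMT,192.0.2.10:1930,198.51.100.229:80,TCP
(flags:S)
FWROUTE,2001/10/23,14:36:44 -7:00 GMT,192.0.2.10:3388,198.51.100.231:80,TCP (flags:S)
FWROUTE,2001/10/23,14:43:42 -7:00 GMT,192.0.2.77:4059,198.51.100.227:80,TCP
(flags:S)
FWROUTE,2001/10/23,16:17:05 -7:00 GMT,203.0.113.5:80,198.51.100.237:1240,TCP
(flags:AS)
"""

LINE = re.compile(
    r"^FWROUTE,(?P<date>[^,]+),(?P<time>[^,]+),"
    r"(?P<src>[^,:]+):(?P<sport>\d+),(?P<dst>[^,:]+):(?P<dport>\d+),"
    r"(?P<proto>\w+)\s+\(flags:(?P<flags>[A-Z]+)\)$"
)

def unwrap(text):
    """Rejoin records whose '(flags:..)' tail was wrapped by the mail client."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("(") and records:
            records[-1] += " " + line
        elif line:
            records.append(line)
    return records

def summarize(text):
    """Per source: event count, distinct targets, and (flags, dport) pairs seen."""
    stats = defaultdict(lambda: {"events": 0, "targets": set(), "kinds": set()})
    for record in unwrap(text):
        m = LINE.match(record)
        if not m:
            continue  # skip anything that is not an FWROUTE TCP record
        s = stats[m["src"]]
        s["events"] += 1
        s["targets"].add(m["dst"])
        s["kinds"].add((m["flags"], int(m["dport"])))
    return dict(stats)

if __name__ == "__main__":
    for src, s in sorted(summarize(SAMPLE).items(), key=lambda kv: -kv[1]["events"]):
        print(src, s["events"], len(s["targets"]), sorted(s["kinds"]))
```

The address pattern also accepts masked values such as `x.x.x.229`, so the same function can be run over the log exactly as it was posted.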
