Need help interpreting this



LA_MERC_LaTech
February 9th, 2007, 08:19 AM
02/08/07 07:29 firewalld[140]: deny in eth0:4 48 tcp 20 118 69.145.230.18 69.51.96.6 1323 445 syn (default)
02/08/07 07:29 firewalld[140]: deny in eth0:2 48 tcp 20 118 69.145.230.18 69.51.96.4 1321 445 syn (default)
02/08/07 07:29 firewalld[140]: deny in eth0:1 48 tcp 20 118 69.145.230.18 69.51.96.3 1320 445 syn (default)
02/08/07 07:29 firewalld[140]: deny in eth0:0 48 tcp 20 118 69.145.230.18 69.51.96.10 1327 445 syn (default)
02/08/07 07:29 firewalld[140]: deny in eth0:3 48 tcp 20 118 69.145.230.18 69.51.96.5 1322 445 syn (default)
02/08/07 07:29 firewalld[140]: deny in eth0 48 tcp 20 118 69.145.230.18 69.51.96.14 1331 445 syn (default)
02/08/07 07:29 firewalld[140]: deny in eth0:2 48 tcp 20 118 69.145.230.18 69.51.96.4 1321 445 syn (default)
02/08/07 07:29 firewalld[140]: deny in eth0:3 48 tcp 20 118 69.145.230.18 69.51.96.5 1322 445 syn (default)
02/08/07 07:29 firewalld[140]: deny in eth0:0 48 tcp 20 118 69.145.230.18 69.51.96.10 1327 445 syn (default)
02/08/07 07:29 firewalld[140]: deny in eth0:1 48 tcp 20 118 69.145.230.18 69.51.96.3 1320 445 syn (default)
02/08/07 07:29 firewalld[140]: deny in eth0 48 tcp 20 118 69.145.230.18 69.51.96.14 1331 445 syn (default)
02/08/07 07:29 firewalld[140]: deny in eth0:4 48 tcp 20 118 69.145.230.18 69.51.96.6 1323 445 syn (default)
02/08/07 07:29 firewalld[140]: deny in eth0:2 48 tcp 20 116 69.255.175.175 69.51.96.4 4744 5900 syn (default)
02/08/07 07:29 firewalld[140]: deny in eth0:2 48 tcp 20 116 69.255.175.175 69.51.96.4 4744 5900 syn (default)
02/08/07 07:29 firewalld[140]: deny in eth0:2 48 tcp 20 116 69.255.175.175 69.51.96.4 4744 5900 syn (default)

I know that 69.145.230.18 is Bresnan and that 69.255.175.175 is Comcast...but, besides the time and my IP, what does the rest mean? Anyone?

LA_MERC_LaTech
February 9th, 2007, 08:24 AM
Actually...
I get the date, the time, firewalld[14], deny, eth0 and 69.51.96.4 - 14...but the rest I don't get.
48 tcp 20, 4744 5900 syn (default)

LA_MERC_th33_r00k
February 9th, 2007, 08:25 AM
Translation:

You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron! You surf to much pron!

LA_MERC_T4rg3T
February 9th, 2007, 09:08 AM
What kind of firewall are you using? I would think most are the same though


02/08/07 07:29 firewalld[140]: deny in eth0:2 48 tcp 20 116 69.255.175.175 69.51.96.4 4744 5900 syn (default)


02/08/07 07:29 firewalld[140] - Date/Time of Log Entry
Deny - Action Taken
in - Direction of packet
eth0 - Firewall port interface number
48 - Length of Packet
tcp - Protocol
20 - IP Header length
116 - TTL
69.255.175.175 - Source IP
69.51.96.4 - Destination Address
4744 - Source port
5900 - Destination port


SYN is just the type of packet it is. A SYN packet would initiate a tcp connection. An ACK packet would be a reply to the SYN packet.
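
Added example, not part of the original thread: a small Python parser that applies the field breakdown above to lines copied from the posted log, then groups denied SYNs by source and destination port so that one source trying the same port across several addresses stands out. The group names, the helper functions, the threshold of 3 addresses, and the reading of the trailing "(default)" as the matching rule's name are this example's assumptions.

```python
import re
from collections import defaultdict
# Field order follows the breakdown posted in the thread; group names are this example's own.
# Assumption: the trailing "(default)" is the name of the rule that matched.
LINE_RE = re.compile(
    r"(?P<date>\S+) (?P<time>\S+) firewalld\[\d+\]: (?P<action>\w+) (?P<direction>\w+) "
    r"(?P<iface>\S+) (?P<length>\d+) (?P<proto>\w+) (?P<ihl>\d+) (?P<ttl>\d+) "
    r"(?P<src>[\d.]+) (?P<dst>[\d.]+) (?P<sport>\d+) (?P<dport>\d+) "
    r"(?P<flags>\w+) \((?P<rule>[^)]*)\)$"
)
# Lines copied from the log posted in the thread.
SAMPLE = """\
02/08/07 07:29 firewalld[140]: deny in eth0:4 48 tcp 20 118 69.145.230.18 69.51.96.6 1323 445 syn (default)
02/08/07 07:29 firewalld[140]: deny in eth0:2 48 tcp 20 118 69.145.230.18 69.51.96.4 1321 445 syn (default)
02/08/07 07:29 firewalld[140]: deny in eth0:1 48 tcp 20 118 69.145.230.18 69.51.96.3 1320 445 syn (default)
02/08/07 07:29 firewalld[140]: deny in eth0 48 tcp 20 118 69.145.230.18 69.51.96.14 1331 445 syn (default)
02/08/07 07:29 firewalld[140]: deny in eth0:2 48 tcp 20 118 69.145.230.18 69.51.96.4 1321 445 syn (default)
02/08/07 07:29 firewalld[140]: deny in eth0:2 48 tcp 20 116 69.255.175.175 69.51.96.4 4744 5900 syn (default)
"""

def parse(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("length", "ihl", "ttl", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec

def summarize(lines):
    """Group denied SYNs by (source IP, destination port)."""
    groups = defaultdict(lambda: {"hits": 0, "targets": set()})
    for line in lines:
        rec = parse(line)
        if rec is None or rec["action"] != "deny" or rec["flags"] != "syn":
            continue
        group = groups[(rec["src"], rec["dport"])]
        group["hits"] += 1
        group["targets"].add(rec["dst"])
    return groups

def sweeps(groups, min_targets=3):
    """Keys whose source tried the same port on at least min_targets of our addresses."""
    return sorted(key for key, g in groups.items() if len(g["targets"]) >= min_targets)

if __name__ == "__main__":
    for key, g in sorted(summarize(SAMPLE.splitlines()).items()):
        print(key, g["hits"], "SYNs to", len(g["targets"]), "addresses")
```

Repeated log lines raise the hit count but not the number of distinct addresses, so retransmitted SYNs to one host do not register as a sweep.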

LA_MERC_LaTech
February 9th, 2007, 09:45 AM
Ok...it's a Firebox X700.

That makes sense, looking at the interpretation...gotta find out who it is and what to do about it now.

LA_MERC_T4rg3T
February 9th, 2007, 09:57 AM
Anyone on your network using file sharing software?

Port 445 is SMB (Server Message Block) protocol. It is used, among other things, for file sharing in Windows NT/2000/XP.

LA_MERC_LaTech
February 9th, 2007, 09:59 AM
I don't know...but you can be sure I'll find out (asshats)...everyone should know that I'm the only one allowed to download stuff at work!!!

Chi_Townz
February 9th, 2007, 05:58 PM
Rook, you're funny

LA_MERC_Dirge
February 9th, 2007, 07:00 PM
Tech, I think your firewall just told you that you're "#1."
