[Techtalk] weird firewall log
Maria McKinley
maria at shadlen.org
Wed Apr 8 00:21:09 UTC 2009
Hello, the firewall logs on my wireless router has been filling with
stuff like this:
[INFO] Tue Apr 07 16:54:31 2009 Blocked incoming TCP connection request
from 209.44.116.98:59163 to 10.208.108.109:22
[INFO] Tue Apr 07 16:54:22 2009 Above message repeated 2 times
[INFO] Tue Apr 07 16:53:21 2009 Blocked incoming TCP connection request
from 81.19.121.88:37738 to 10.208.108.109:22
[INFO] Tue Apr 07 16:53:12 2009 Above message repeated 2 times
[INFO] Tue Apr 07 16:52:27 2009 Blocked incoming TCP connection request
from 194.50.85.50:56133 to 10.208.108.109:22
[INFO] Tue Apr 07 16:52:18 2009 Above message repeated 2 times
[INFO] Tue Apr 07 16:52:09 2009 Blocked incoming TCP connection request
from 209.44.119.13:47379 to 10.208.108.109:22
The strange thing is that the machine that has ip address 10.208.108.109
(and it has been just one machine for the past few days anyway) is not
on the network during a lot of the times I am getting these messages.
There seem to be many of the same machines sending packets. A few of
them I can lookup:
pele:/var/log# host 209.44.119.13
209.44.119.13 does not exist, try again
pele:/var/log# host 194.50.85.50
Name: darkstar.cryol.kiev.ua
Address: 194.50.85.50
pele:/var/log# host 81.19.121.88
Name: natsu.trap.fi
Address: 81.19.121.88
Certainly not my machines. Any idea why these machines would be
bombarding just one particular ip? And retrying so many bloody times?
This has been going on for over 2 days.
cheers,
maria
More information about the Techtalk
mailing list