martian attack ports 1025 to 1027 kernel: ll header: ff:ff:ff: Home user. Whattolearn

Emmanuel_uk · 04-22-2006, 04:43 AM

Hi,

Below the time line of what looked like a martian

attack.
Am I correct in the interpretation that this was a DOS?
Did the kernel really blocked the "funny packets" rather than shorewall / iptable?
because source 192.168.mypc_IP from 192.168.myrouter_IP is illogical (hence martian), correct?
the header list myrouter MAC (6 fields) followed by an extra :08:06, that is ARP protocol.
IS there anything to learn from all of this?
I know there is /proc/sys/net/ipv4/conf/all/log_martians.
Have read a few threads on martians.
Is it worth reporting something to this org that do distributed firewall (I cannot remember who/where. It is the first time I have evidence of some kind of attack)

Here is my setup (only 1 PC)
cable co modem (fixed IP) -> router with firewall -> eth0 -> ip_queue -> snortinline -> shorewall/IPtables -> userland
I have very very little port opened.
I do not run any services: no bind, no httpd, no R services. Nothing. I am hobbyist home user.
Usually /proc/sys/net/ipv4/icmp_echo_ignore_all is 0
(but I was doing a test on with my laptop om eth1 so it was
at 1 at some point during the day for about 20 min)

TIMELINE

Code:

Apr 21 20:37:44 martian source starts and then many many until
Apr 21 20:39:45 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:39:46 localhost normaluser: Shorewall Restarted
Apr 21 20:39:46 localhost snort[15240]: Final Flow Statistics
Apr 21 20:39:47 localhost snortd: snort startup succeeded
I think I did restart the firewall and snort because I was losing http on LQ.
The only thing maybe of interest during that http loss was that I was looking at the site of a LQ member
having a log problem (400 Mo filling in 1 hour). probably unrelated.
Apr 21 20:40:05 localhost kernel: printk: 1 messages suppressed.
Apr 21 20:40:05 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:40:05 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:41:00 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:41:00 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Nothing for a while
Friday April 21, 20:50 I reboot the router with its integrated firewall
Apr 21 20:51:58 localhost kernel: printk: 7 messages suppressed.
Apr 21 20:51:58 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
this keeps on up to
Apr 21 20:53:02 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:53:02 Last martian source
The martian source are at the same time as this log from my router
Friday April 21, 20:50:35 Unrecognized attempt blocked from 204.16.208.112:54142 to my_fixed_IP UDP:1026
Friday April 21, 20:50:35 Unrecognized attempt blocked from 204.16.208.112:54142 to my_fixed_IP UDP:1027
Friday April 21, 20:51:55 Unrecognized attempt blocked from 62.122.97.236:0 to my_fixed_IP UDP:1025
Friday April 21, 20:51:55 Unrecognized attempt blocked from 62.122.97.236:0 to my_fixed_IP UDP:1025
Friday April 21, 20:51:55 Unrecognized attempt blocked from 62.122.97.236:0 to my_fixed_IP UDP:1026
Friday April 21, 20:52:36 Unrecognized attempt blocked from 177.162.181.103:0 to my_fixed_IP UDP:1025
Friday April 21, 20:52:36 Unrecognized attempt blocked from 177.162.181.103:0 to my_fixed_IP UDP:1026
Friday April 21, 20:55:32 Unrecognized attempt blocked from 212.63.223.180:23654 to my_fixed_IP UDP:1026
I switch off power to cable co modem around the time below
Friday April 21, 21:00:20 DHCP:release

Postmortem:
nothing else detected by
chckrootkit, rkhunter, snort log, syslog, security.log and netstat.
No funny processes from top, nor from ps -eaf
I have tripwire but not run it in ages.

More or less full log (it is actually quite short)

Code:

Apr 21 20:19:06 localhost msec: Reading data from /etc/security/msec/perm.local
Apr 21 20:37:44 localhost kernel: printk: 28 messages suppressed.
Apr 21 20:37:44 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:37:44 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
10 of the line above @ Apr 21 20:37:44
Apr 21 20:37:49 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:37:49 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
4 more of the line above
Apr 21 20:37:54 localhost kernel: printk: 1 messages suppressed.
Apr 21 20:37:54 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:37:54 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:37:59 localhost kernel: printk: 5 messages suppressed.
Apr 21 20:37:59 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:37:59 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:38:04 localhost kernel: printk: 5 messages suppressed.
Apr 21 20:38:04 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:38:04 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:38:09 localhost kernel: printk: 5 messages suppressed.
Apr 21 20:38:09 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:38:09 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:38:14 localhost kernel: printk: 5 messages suppressed.
Apr 21 20:38:14 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:38:14 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:38:19 localhost kernel: printk: 5 messages suppressed.
Apr 21 20:38:19 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:38:19 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:38:24 localhost kernel: printk: 5 messages suppressed.
Apr 21 20:38:24 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:38:24 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:38:29 localhost kernel: printk: 2 messages suppressed.
Apr 21 20:38:29 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:38:29 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:38:34 localhost kernel: printk: 2 messages suppressed.
Apr 21 20:38:34 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:38:34 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:38:39 localhost kernel: printk: 2 messages suppressed.
Apr 21 20:38:39 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:38:39 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:38:44 localhost kernel: printk: 2 messages suppressed.
Apr 21 20:38:44 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:38:44 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:38:49 localhost kernel: printk: 2 messages suppressed.
Apr 21 20:38:49 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:38:49 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:38:54 localhost kernel: printk: 2 messages suppressed.
Apr 21 20:38:54 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:38:54 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:38:59 localhost kernel: printk: 2 messages suppressed.
Apr 21 20:38:59 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:38:59 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:39:10 localhost kernel: printk: 2 messages suppressed.
Apr 21 20:39:10 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:39:10 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:39:10 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:39:10 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:39:15 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:39:15 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:39:20 localhost kernel: printk: 1 messages suppressed.
Apr 21 20:39:20 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:39:20 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:39:25 localhost kernel: printk: 1 messages suppressed.
Apr 21 20:39:25 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:39:25 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:39:30 localhost kernel: printk: 1 messages suppressed.
Apr 21 20:39:30 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:39:30 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:39:35 localhost kernel: printk: 1 messages suppressed.
Apr 21 20:39:35 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:39:35 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:39:40 localhost kernel: printk: 1 messages suppressed.
Apr 21 20:39:40 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:39:40 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:39:45 localhost kernel: printk: 1 messages suppressed.
Apr 21 20:39:45 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:39:45 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
--
Apr 21 20:39:46 localhost normaluser: Shorewall Restarted
Apr 21 20:39:46 localhost snort[15240]: Final Flow Statistics
Apr 21 20:39:47 localhost snortd: snort startup succeeded

Apr 21 20:40:05 localhost kernel: printk: 1 messages suppressed.
Apr 21 20:40:05 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:40:05 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:40:05 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:40:05 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:40:05 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:40:05 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:40:05 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:40:05 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:40:10 localhost kernel: printk: 2 messages suppressed.
Apr 21 20:40:10 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:40:10 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:40:15 localhost kernel: printk: 5 messages suppressed.
Apr 21 20:40:15 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:40:15 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:40:20 localhost kernel: printk: 5 messages suppressed.
Apr 21 20:40:20 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:40:20 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:40:25 localhost kernel: printk: 5 messages suppressed.
Apr 21 20:40:25 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:40:25 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:40:30 localhost kernel: printk: 13 messages suppressed.
Apr 21 20:40:30 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:40:30 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:40:35 localhost kernel: printk: 13 messages suppressed.
Apr 21 20:40:35 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:40:35 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:40:40 localhost kernel: printk: 13 messages suppressed.
Apr 21 20:40:40 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:40:40 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:40:45 localhost kernel: printk: 13 messages suppressed.
Apr 21 20:40:45 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:40:45 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:40:50 localhost kernel: printk: 7 messages suppressed.
Apr 21 20:40:50 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:40:50 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:40:55 localhost kernel: printk: 7 messages suppressed.
Apr 21 20:40:55 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:40:55 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:41:00 localhost kernel: printk: 7 messages suppressed.
Apr 21 20:41:00 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:41:00 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
--
Apr 21 20:51:58 localhost kernel: printk: 7 messages suppressed.
Apr 21 20:51:58 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:51:58 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:52:01 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:52:01 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:52:02 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:52:02 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:52:06 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:52:06 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:52:07 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:52:07 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:52:08 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:52:08 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:52:09 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:52:09 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:52:09 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:52:09 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:52:15 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:52:15 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:52:15 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:52:15 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:52:16 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:52:16 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:52:19 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:52:19 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:52:20 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:52:20 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:52:20 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:52:20 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:52:25 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:52:25 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:52:37 localhost kernel: printk: 2 messages suppressed.
Apr 21 20:52:37 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:52:37 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:52:38 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:52:38 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:53:01 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:53:01 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Apr 21 20:53:02 localhost kernel: martian source 192.168.mypc_IP from 192.168.myrouter_IP, on dev eth0
Apr 21 20:53:02 localhost kernel: ll header: ff:ff:ff:ff:ff:ff:myrouterMAC_followedbyextra:08:06
Switch off power to cable co modem
Apr 21 20:53:26 localhost kernel: eth0: link down
nOW THE router log (short because I restarted it)
Friday April 21, 20:50:35 Unrecognized attempt blocked from 204.16.208.112:54142 to my_fixed_IP UDP:1026
Friday April 21, 20:50:35 Unrecognized attempt blocked from 204.16.208.112:54142 to my_fixed_IP UDP:1027
Friday April 21, 20:51:55 Unrecognized attempt blocked from 62.122.97.236:0 to my_fixed_IP UDP:1025
Friday April 21, 20:51:55 Unrecognized attempt blocked from 62.122.97.236:0 to my_fixed_IP UDP:1025
Friday April 21, 20:51:55 Unrecognized attempt blocked from 62.122.97.236:0 to my_fixed_IP UDP:1026
Friday April 21, 20:52:36 Unrecognized attempt blocked from 177.162.181.103:0 to my_fixed_IP UDP:1025
Friday April 21, 20:52:36 Unrecognized attempt blocked from 177.162.181.103:0 to my_fixed_IP UDP:1026
Friday April 21, 20:55:32 Unrecognized attempt blocked from 212.63.223.180:23654 to my_fixed_IP UDP:1026
Friday April 21, 21:00:20 T2346Connection is broken
Friday April 21, 21:00:20 DHCP:release
Friday April 21, 21:20:56 DOD:192.168.mypc_IP query DNS for current.cvd.clamav.net
Friday April 21, 21:21:24 DHCP:discover()
Friday April 21, 21:21:56 DOD:192.168.mypc_IP query DNS for database.clamav.net
Friday April 21, 21:21:56 DHCP:discover()

Crito · 04-23-2006, 04:08 PM

It's probably some kind of denial of service attack since they're not getting any packets back at those "martian" addresses, a necessity if you're trying to crack into something.

Not sure why your firewall/router would be letting those ports through by default though, unless you're initiating the communication, like maybe with a misconfigured FTP server? Just guessing... anyway, I wouldn't lose any sleep over it.

I guess the moral of the story is you just can't trust little green men in flying saucers.

Or was there a question in your post somewhere I missed? LOL