Quote:
Sep 13 09:01:52 localhost kernel: Firewalled:IN=eth1 OUT= MAC= SRC=192.168.1.4 D ST=192.168.1.255 LEN=241 TOS=0x00 PREC=0x00 TTL=64 ID=31 DF PROTO=UDP SPT=138 DP T=138 LEN=221
|
This seems to be a NetBios broadcast. I think it's either a windows PC of some sort,
or a router/server requesting information from PC's on the network.
I seriously doubt it's any kind of attack, the source IP is an IP address that is
reserved for non-internet use.
Quote:
Sep 13 09:17:11 localhost kernel: Firewalled:IN=eth1 OUT= MAC=00:0d:88:19:ee:4a: 00:d0:d0:46:2d:85:08:00 SRC=64.94.110.12 DST=192.168.1.4 LEN=40 TOS=0x00 PREC=0x 00 TTL=46 ID=46678 DF PROTO=TCP SPT=80 DPT=50318 WINDOW=7504 RES=0x00 ACK FIN UR GP=0
|
These originated from a web server. The ACK FIN flags is the server responding to a FIN flag sent from
192.168.1.4. This is done in order to close a connection that has been established. Since it's coming
in on the same ports, with the same flags, it probably isnt an attack either.
You may have a slight firewall misconfiguration, and a router or modem with an IP your not aware of.