Any Firewall experts here?

Discussion in 'Hardware' started by MG_Nut, Apr 23, 2005.

  1. MG_Nut

    MG_Nut Private E-2

    Here's a very small part of my Firewall's security log:

    • 2d 00:51:05:linei 200.233.133.196 > 200.233.xxx.xxx (48) tcp: S 2160 > 135 (0) - DENY default rule - s(1)accept u(-1)deny
    • 2d 00:51:08:linei 200.233.133.196 > 200.233.xxx.xxx (48) tcp: S 2160 > 135 (0) - DENY default rule - s(1)accept u(-1)deny
    • 2d 00:51:40:linei 200.233.178.69 > 200.233.xxx.xxx (48) tcp: S 4775 > 135 (0) - DENY default rule - s(1)accept u(-1)deny
    • 2d 00:53:07:linei 200.233.167.132 > 200.233.xxx.xxx (48) tcp: S 3154 > 1433 (0) - DENY default rule - s(1)accept u(-1)deny
    • 2d 00:53:10:linei 200.233.167.132 > 200.233.xxx.xxx (48) tcp: S 3154 > 1433 (0) - DENY default rule - s(1)accept u(-1)deny
    • 2d 00:54:27:linei 200.233.143.174 > 200.233.xxx.xxx (48) tcp: S 1709 > 135 (0) - DENY default rule - s(1)accept u(-1)deny
    • 2d 00:54:30:linei 200.233.143.174 > 200.233.xxx.xxx (48) tcp: S 1709 > 135 (0) - DENY default rule - s(1)accept u(-1)deny
    • 2d 00:56:13:linei 200.233.160.138 > 200.233.xxx.xxx (48) tcp: S 4535 > 445 (0) - DENY default rule - s(1)accept u(-1)deny
    • 2d 00:56:25:linei 200.233.131.74 > 200.233.xxx.xxx (48) tcp: S 3373 > 135 (0) - DENY default rule - s(1)accept u(-1)deny
    • 2d 00:58:30:linei 200.233.206.243 > 200.233.xxx.xxx (48) tcp: S 4312 > 445 (0) - DENY default rule - s(1)accept u(-1)deny
    • 2d 00:58:33:linei 200.233.206.243 > 200.233.xxx.xxx (48) tcp: S 4312 > 445 (0) - DENY default rule - s(1)accept u(-1)deny
    • 2d 01:00:01:linei 200.233.137.9 > 200.233.xxx.xxx (48) tcp: S 4462 > 445 (0) - DENY default rule - s(1)accept u(-1)deny
    • 2d 01:00:05:linei 200.233.137.9 > 200.233.xxx.xxx (48) tcp: S 4462 > 445 (0) - DENY default rule - s(1)accept u(-1)deny
    • 2d 01:00:07:linei 64.50.17.162 > 200.233.xxx.xxx (32) icmp: 8/0 echo req - DENY default rule - s(1)accept u(-1)deny
    • 2d 01:00:22:linei 200.233.143.118 > 200.233.xxx.xxx (78) udp: 1027 > 137 (50) - DENY default rule - s(1)accept u(-1)deny
    I presume these IPs are coming from some sort of hacker tools, and the IP addresses are fake or whatever. What can I do to investigate these, to find out what's going on, and what I can do to stop them? Any ideas will be most appreciated.
    Thanks
    N.
     
  2. cat5e

    cat5e MajorGeek

    Might be regular Internet “noise”, very common if you are on Cable Internet.

    In any case there is nothing you can do about it; since nothing was done to your system you would not have legal ground to demand the ISP to disclose the ID.

    :cool:
     
  3. dedub

    dedub Corporal

    OrgName: Latin American and Caribbean IP address Regional Registry
    OrgID: LACNIC
    Address: Potosi 1517
    City: Montevideo
    StateProv:
    PostalCode: 11500
    Country: UY

    ReferralServer: whois://whois.lacnic.net

    NetRange: 200.0.0.0 - 200.255.255.255
    CIDR: 200.0.0.0/8
    NetName: LACNIC-200
    NetHandle: NET-200-0-0-0-1
    Parent:
    NetType: Allocated to LACNIC
    NameServer: NS.LACNIC.NET
    NameServer: TINNIE.ARIN.NET
    NameServer: NS-SEC.RIPE.NET
    NameServer: SEC3.APNIC.NET
    NameServer: NS2.DNS.BR
    Comment: This IP address range is under LACNIC responsibility for further
    Comment: allocations to users in LACNIC region.
    Comment: Please see http://www.lacnic.net/ for further details, or check the
    Comment: WHOIS server located at whois.lacnic.net
    RegDate: 2002-07-27
    Updated: 2005-03-29

    OrgTechHandle: LACNIC-ARIN
    OrgTechName: LACNIC Whois Info
    OrgTechPhone: (+55) 11 5509-3522
    OrgTechEmail: whois-contact@lacnic.net

    # ARIN WHOIS database, last updated 2005-04-23 19:10
    # Enter ? for additional hints on searching ARIN's WHOIS database.
     
  4. MG_Nut

    MG_Nut Private E-2

    Thanks a lot Cat5e and dedub. Much appreciated.

    N.
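
An added example, not written by any poster in this thread: one way to triage a log like the one in the first post is to parse each line, collapse repeated SYNs into single attempts, and group the denied probes by the service they target. The field layout is inferred from the posted lines only, and the function names (`parse`, `summarize`) are illustrative.

```python
import re
from collections import defaultdict

# Lines copied from the log in the first post (destination masked as posted).
SAMPLE = """\
2d 00:51:05:linei 200.233.133.196 > 200.233.xxx.xxx (48) tcp: S 2160 > 135 (0) - DENY default rule - s(1)accept u(-1)deny
2d 00:51:08:linei 200.233.133.196 > 200.233.xxx.xxx (48) tcp: S 2160 > 135 (0) - DENY default rule - s(1)accept u(-1)deny
2d 00:51:40:linei 200.233.178.69 > 200.233.xxx.xxx (48) tcp: S 4775 > 135 (0) - DENY default rule - s(1)accept u(-1)deny
2d 00:53:07:linei 200.233.167.132 > 200.233.xxx.xxx (48) tcp: S 3154 > 1433 (0) - DENY default rule - s(1)accept u(-1)deny
2d 00:56:13:linei 200.233.160.138 > 200.233.xxx.xxx (48) tcp: S 4535 > 445 (0) - DENY default rule - s(1)accept u(-1)deny
2d 01:00:07:linei 64.50.17.162 > 200.233.xxx.xxx (32) icmp: 8/0 echo req - DENY default rule - s(1)accept u(-1)deny
2d 01:00:22:linei 200.233.143.118 > 200.233.xxx.xxx (78) udp: 1027 > 137 (50) - DENY default rule - s(1)accept u(-1)deny
"""

# Field layout is inferred from the lines above, not from vendor documentation.
LINE = re.compile(r"(?P<src>[\d.]+) > (?P<dst>\S+) \(\d+\) (?P<proto>\w+): "
                  r"(?P<rest>.*?) - (?P<action>[A-Z]+)\b")
PORTS = re.compile(r"(?:[A-Z]+ )?(?P<sport>\d+) > (?P<dport>\d+)")
# Standard assignments for the destination ports that appear in the log.
SERVICES = {135: "MS RPC endpoint mapper", 137: "NetBIOS name service",
            445: "SMB (microsoft-ds)", 1433: "MS SQL Server"}

def parse(line):
    """Return one log line as a dict, or None if it does not match the layout."""
    m = LINE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    p = PORTS.match(rec.pop("rest"))  # ICMP lines carry type/code, not ports
    rec["sport"] = int(p["sport"]) if p else None
    rec["dport"] = int(p["dport"]) if p else None
    return rec

def summarize(text):
    """Collapse retries and group denied probes by targeted service."""
    attempts, by_service, same_16 = set(), defaultdict(set), set()
    for rec in filter(None, map(parse, text.splitlines())):
        if rec["action"] != "DENY":
            continue
        # A repeated (source, source port, destination port) is a retransmit.
        attempts.add((rec["src"], rec["proto"], rec["sport"], rec["dport"]))
        label = SERVICES.get(rec["dport"], rec["proto"])  # fall back to protocol
        by_service[label].add(rec["src"])
        if rec["src"].split(".")[:2] == rec["dst"].split(".")[:2]:
            same_16.add(rec["src"])  # source shares the destination's /16
    return {"attempts": len(attempts), "by_service": dict(by_service),
            "same_16": same_16}

if __name__ == "__main__": print(summarize(SAMPLE))
```

On these seven lines the summary shows six distinct attempts, all against Windows-oriented service ports or ICMP echo, with five of the six sources in the same 200.233.x.x block as the destination.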
     
