Geekzone: technology news, blogs, forums




214 posts

Master Geek
Inactive user


Topic # 82556 1-May-2011 22:41

For the last few weeks, and still ongoing, I seem to have intrusions on my router when I'm on Snap. This has just started, and no sooner do I change IP (due to being on dynamic) than it continues to happen.

These intrusions are different IPs and different ports, whether it's someone or something scanning NZ IPs to gain access.

I rang Snap and they didn't really know what to do; however, I would have thought that ISPs have the power to add such IPs to a main firewall so these are blocked.

Here's an example:

May 1 21:43:36 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=122.108.188.228 DST=111.69.245.145 LEN=52 TOS=0x00 PREC=0x40 TTL=110 ID=3740 DF PROTO=TCP SPT=49401 DPT=41891 WINDOW=8192 RES=0x00 SYN URGP=0

May 1 21:43:36 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=220.236.11.148 DST=111.69.245.145 LEN=52 TOS=0x00 PREC=0x40 TTL=46 ID=18809 DF PROTO=TCP SPT=46231 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0

May 1 21:43:37 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=220.236.11.148 DST=111.69.245.145 LEN=52 TOS=0x00 PREC=0x40 TTL=46 ID=18810 DF PROTO=TCP SPT=46231 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0

May 1 21:43:39 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=122.108.188.228 DST=111.69.245.145 LEN=52 TOS=0x00 PREC=0x40 TTL=110 ID=4770 DF PROTO=TCP SPT=49401 DPT=41891 WINDOW=8192 RES=0x00 SYN URGP=0

May 1 21:43:39 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=110.163.10.16 DST=111.69.245.145 LEN=60 TOS=0x00 PREC=0x00 TTL=41 ID=33464 DF PROTO=TCP SPT=41619 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0

May 1 21:43:43 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=220.236.11.148 DST=111.69.245.145 LEN=52 TOS=0x00 PREC=0x40 TTL=46 ID=18812 DF PROTO=TCP SPT=46231 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0

May 1 21:43:45 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=122.108.188.228 DST=111.69.245.145 LEN=48 TOS=0x00 PREC=0x40 TTL=110 ID=4956 DF PROTO=TCP SPT=49401 DPT=41891 WINDOW=8192 RES=0x00 SYN URGP=0

May 1 21:43:45 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=58.107.224.209 DST=111.69.245.145 LEN=48 TOS=0x00 PREC=0x40 TTL=110 ID=24970 DF PROTO=TCP SPT=51303 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0

May 1 21:43:45 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=122.150.207.150 DST=111.69.245.145 LEN=52 TOS=0x00 PREC=0x40 TTL=111 ID=6104 DF PROTO=TCP SPT=50881 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0

May 1 21:43:45 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=118.92.127.24 DST=111.69.245.145 LEN=64 TOS=0x00 PREC=0x00 TTL=56 ID=18154 DF PROTO=TCP SPT=51464 DPT=41891 WINDOW=65535 RES=0x00 SYN URGP=0

May 1 21:44:05 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=118.92.127.24 DST=111.69.245.145 LEN=48 TOS=0x00 PREC=0x00 TTL=56 ID=65455 DF PROTO=TCP SPT=51464 DPT=41891 WINDOW=65535 RES=0x00 SYN URGP=0

May 1 21:44:20 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=118.92.127.24 DST=111.69.245.145 LEN=48 TOS=0x00 PREC=0x00 TTL=56 ID=15944 DF PROTO=TCP SPT=51464 DPT=41891 WINDOW=65535 RES=0x00 SYN URGP=0

May 1 21:44:24 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=110.163.10.16 DST=111.69.245.145 LEN=60 TOS=0x00 PREC=0x00 TTL=41 ID=33468 DF PROTO=TCP SPT=41619 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0

May 1 21:44:54 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=111.70.166.242 DST=111.69.245.145 LEN=48 TOS=0x00 PREC=0x40 TTL=109 ID=26079 DF PROTO=TCP SPT=60662 DPT=445 WINDOW=45000 RES=0x00 SYN URGP=0

May 1 21:44:57 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=111.70.166.242 DST=111.69.245.145 LEN=48 TOS=0x00 PREC=0x40 TTL=109 ID=26294 DF PROTO=TCP SPT=60662 DPT=445 WINDOW=45000 RES=0x00 SYN URGP=0

May 1 21:45:00 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=72.20.40.51 DST=111.69.245.145 LEN=52 TOS=0x00 PREC=0x40 TTL=52 ID=38879 DF PROTO=TCP SPT=44486 DPT=3128 WINDOW=5840 RES=0x00 SYN URGP=0

May 1 21:49:28 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=182.140.131.169 DST=111.69.245.145 LEN=40 TOS=0x00 PREC=0x40 TTL=101 ID=256 PROTO=TCP SPT=6000 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0

May 1 22:11:29 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=111.70.199.108 DST=111.69.245.145 LEN=60 TOS=0x00 PREC=0x40 TTL=109 ID=49001 DF PROTO=TCP SPT=43182 DPT=445 WINDOW=45000 RES=0x00 SYN URGP=0

May 1 22:11:32 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=111.70.199.108 DST=111.69.245.145 LEN=60 TOS=0x00 PREC=0x40 TTL=109 ID=49111 DF PROTO=TCP SPT=43182 DPT=445 WINDOW=45000 RES=0x00 SYN URGP=0

598 posts

Ultimate Geek
+1 received by user: 53

Trusted

  Reply # 464325 1-May-2011 23:24

Why would you expect your ISP to filter Internet Noise?

This is why you run your own Firewall....

For the record, Stateful Firewalls are resource-hungry beasts; not many ISPs are going to offer to put you behind a firewall without charging you a premium for the service. They're Internet Service Providers, not Content Filters.

(The Internet really is a big, bad world...)






214 posts

Master Geek
Inactive user


  Reply # 464329 1-May-2011 23:42

Internet noise is not what this is; these are active scan requests and/or packets directed to this IP or others.

The window size "WINDOW=65535": this is the maximum packet size for a ping request, aka DDoS.

Like I said, this has just started in the last few weeks, and no doubt this carry-on will use my bandwidth ("not that I will notice it"), but it will get used....

 
 
 
 




214 posts

Master Geek
Inactive user


  Reply # 464331 1-May-2011 23:48

On a side note, my internet is up and down like a yo-yo: connection resets, speed sometimes goes through the floor, around 2mbit on an ADSL2+ line.

This carry-on has some effect on my internet....

2 other lines in the house..

Farmside and Slingshot do not suffer from this issue at all, as they have no logs of this carry-on. So I put the question out there: why is Snap's IP range getting targeted by hackers and scanners, most probably on the IRC world of things?

598 posts

Ultimate Geek
+1 received by user: 53

Trusted

  Reply # 464335 2-May-2011 00:09

Whole raft of reasons.
If your IP is dynamic then it could be that a past holder of the IP pissed off someone.
Or it could just be 'Snap's day', as you can be assured all ISPs cop this sorta noise.

Btw Window Sizing is not the same as Packet sizing.

With a raft of random sources you've got no real choice but to weather it, or get another IP address and move away from the problem.

(Or, notify the ISPs behind each of the sources, and hope they nix it. Yeah right.)

Snap have a couple more choices, but they'd probably be reserved for genuinely serious DoS that's likely to run your bill up or degrade their service. And I'd have to leave them to comment on that...






214 posts

Master Geek
Inactive user


  Reply # 464339 2-May-2011 00:18

Brand spanking new IP.........

May 2 00:12:12 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=58.165.104.126 DST=111.69.244.9 LEN=60 TOS=0x00 PREC=0x40 TTL=111 ID=6366 DF PROTO=TCP SPT=49238 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0

May 2 00:12:12 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=60.224.160.156 DST=111.69.244.9 LEN=64 TOS=0x00 PREC=0x40 TTL=46 ID=33771 DF PROTO=TCP SPT=55489 DPT=41891 WINDOW=65535 RES=0x00 SYN URGP=0

May 2 00:12:12 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=114.77.9.28 DST=111.69.244.9 LEN=52 TOS=0x00 PREC=0x40 TTL=110 ID=31 DF PROTO=TCP SPT=50803 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0

May 2 00:12:13 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=60.224.160.156 DST=111.69.244.9 LEN=64 TOS=0x00 PREC=0x40 TTL=46 ID=62886 DF PROTO=TCP SPT=55489 DPT=41891 WINDOW=65535 RES=0x00 SYN URGP=0

May 2 00:12:14 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=60.224.160.156 DST=111.69.244.9 LEN=64 TOS=0x00 PREC=0x40 TTL=46 ID=7422 DF PROTO=TCP SPT=55489 DPT=41891 WINDOW=65535 RES=0x00 SYN URGP=0

May 2 00:12:21 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=58.165.104.126 DST=111.69.244.9 LEN=56 TOS=0x00 PREC=0x40 TTL=111 ID=6384 DF PROTO=TCP SPT=49238 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0

May 2 00:12:21 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=114.77.9.28 DST=111.69.244.9 LEN=48 TOS=0x00 PREC=0x40 TTL=110 ID=226 DF PROTO=TCP SPT=50803 DPT=443 WINDOW=8192 RES=0x00 SYN URGP=0

May 2 00:12:22 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=110.163.227.143 DST=111.69.244.9 LEN=60 TOS=0x00 PREC=0x00 TTL=41 ID=35843 DF PROTO=TCP SPT=34776 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0

May 2 00:12:22 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=115.64.207.156 DST=111.69.244.9 LEN=52 TOS=0x00 PREC=0x40 TTL=109 ID=3478 DF PROTO=TCP SPT=1635 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0

May 2 00:12:22 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=110.163.221.30 DST=111.69.244.9 LEN=60 TOS=0x00 PREC=0x00 TTL=41 ID=57094 DF PROTO=TCP SPT=62010 DPT=41891 WINDOW=5840 RES=0x00 SYN URGP=0

May 2 00:12:23 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=60.224.160.156 DST=111.69.244.9 LEN=48 TOS=0x00 PREC=0x40 TTL=46 ID=40693 DF PROTO=TCP SPT=55489 DPT=41891 WINDOW=65535 RES=0x00 SYN URGP=0

May 2 00:12:25 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=110.163.227.143 DST=111.69.244.9 LEN=60 TOS=0x00 PREC=0x00 TTL=41 ID=35844 DF PROTO=TCP SPT=34776 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0

May 2 00:12:28 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=115.64.207.156 DST=111.69.244.9 LEN=48 TOS=0x00 PREC=0x40 TTL=109 ID=3480 DF PROTO=TCP SPT=1635 DPT=80 WINDOW=8192 RES=0x00 SYN URGP=0

May 2 00:12:29 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=110.163.221.30 DST=111.69.244.9 LEN=60 TOS=0x00 PREC=0x00 TTL=41 ID=57095 DF PROTO=TCP SPT=62010 DPT=41891 WINDOW=5840 RES=0x00 SYN URGP=0

No matter how many IPs I get after restarting my router, it still happens.

Rang Snap yesterday; they gave me a static IP to see if that fixes it, and no, the problem was still happening.

They said they didn't know what else to do, though I was probably speaking with the gardener or something.

8020 posts

Uber Geek
+1 received by user: 386

Trusted
Subscriber

  Reply # 464345 2-May-2011 02:34

Hmm, it's a bit odd, especially that it would follow you across IP address changes.

That would lead me to suspect something on one of your machines is triggering it or phoning home or the router is detecting false positives from normal traffic.

What make/model router is this? Are you running bit-torrent or other p2p software on any of your machines? Anything like Tor running? Usenet? IRC?

Have you tested with all your machines off bar one, with all programs closed apart from a browser to access the router UI?



214 posts

Master Geek
Inactive user


  Reply # 464353 2-May-2011 07:14

I use IRC but have my IP masked with a ZNC, or what they call a vhost, meaning it does not show my normal host.

I have scanned my machine and no infections.

The router I use is a D-Link 526b.

I have also closed all my programs and ran netstat, and nothing is running like it should be.



214 posts

Master Geek
Inactive user


Reply # 464927 3-May-2011 17:07

With a new clean install of Windows and a new IP, this is still happening and counting against my internet usage....

213 posts

Master Geek
+1 received by user: 3

Trusted
CallPlus Group

  Reply # 464976 3-May-2011 19:37

A huge proportion of the source IPs were what appeared to be Australian, followed by Japanese. Your first post also contained a few Chinese and Taiwanese IPs.

This one looked interesting, although it's not the norm in what appears to be a series of residential IPs.

IP : 72.20.40.51
Host : not-abuse.open.proxy.scans.on.connect.to.p2p-network.net
Country : United States

BDFL - Memuneh
59053 posts

Uber Geek
+1 received by user: 10336

Administrator
Trusted
Geekzone
Subscriber

  Reply # 464985 3-May-2011 19:52

Have you run a torrent client before? Are you sure there isn't one running right now?





213 posts

Master Geek
+1 received by user: 3

Trusted
CallPlus Group

  Reply # 464990 3-May-2011 19:59

Looks and smells that way, doesn't it?

BDFL - Memuneh
59053 posts

Uber Geek
+1 received by user: 10336

Administrator
Trusted
Geekzone
Subscriber

  Reply # 464991 3-May-2011 20:00

It does look like there's a torrent program announcing seeds and people are trying to connect to download...
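
An added example, not part of any post in this thread: one way to triage router "Intrusion" lines like those quoted above, separating packet size (LEN) from the advertised TCP window (WINDOW), collapsing SYN retries into single connection attempts, and flagging the "many sources, one high port" pattern raised in the torrent replies. The sample log is constructed, and the port table, the `min_peers` threshold and the assumed year are illustrative choices.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the router's log format (not lines from the thread);
# addresses come from the RFC 5737 documentation ranges.
_FMT = ("May 1 {t} user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= "
        "SRC={src} DST=192.0.2.1 LEN={ln} TOS=0x00 PREC=0x40 TTL=110 ID=1 DF "
        "PROTO=TCP SPT={spt} DPT={dpt} WINDOW={win} RES=0x00 SYN URGP=0")
_ROWS = [
    ("21:43:36", "198.51.100.10", 52, 49401, 41891, 8192),
    ("21:43:39", "198.51.100.10", 52, 49401, 41891, 8192),   # same flow, +3 s
    ("21:43:45", "198.51.100.10", 48, 49401, 41891, 8192),   # same flow, +6 s
    ("21:43:45", "198.51.100.77", 64, 51464, 41891, 65535),
    ("21:44:05", "203.0.113.5", 60, 62010, 41891, 5840),
    ("21:44:54", "203.0.113.200", 48, 60662, 445, 45000),
    ("21:44:57", "203.0.113.200", 48, 60662, 445, 45000),
    ("21:49:28", "198.51.100.99", 40, 6000, 1433, 16384),
]
SAMPLE_LOG = "\n".join(
    _FMT.format(t=t, src=s, ln=n, spt=sp, dpt=dp, win=w) for t, s, n, sp, dp, w in _ROWS)

LINE_RE = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s.*?Intrusion -> (.*)$")

# Service ports that routinely receive unsolicited probes (illustrative subset).
PROBED_SERVICES = {135: "MS RPC", 139: "NetBIOS", 445: "SMB", 1433: "MS SQL",
                   3128: "HTTP proxy", 3389: "RDP", 8080: "HTTP proxy"}


def parse_line(line, year=2011):
    """Return one TCP event dict, or None for incomplete or unrelated lines.

    Syslog stamps carry no year, so `year` is an assumption supplied by the caller.
    """
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields, flags = {}, set()
    for tok in m.group(2).split():
        key, sep, val = tok.partition("=")
        if sep:
            fields[key] = val
        else:
            flags.add(tok)                      # bare tokens such as DF and SYN
    try:
        return {
            "ts": datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S"),
            "src": fields["SRC"],
            "spt": int(fields["SPT"]), "dpt": int(fields["DPT"]),
            "len": int(fields["LEN"]),          # size of this packet in bytes
            "window": int(fields["WINDOW"]),    # sender's advertised receive window
            "syn": "SYN" in flags,
        }
    except (KeyError, ValueError):              # record cut short or non-TCP
        return None


def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]


def connection_attempts(events):
    """Map (src, sport, dport) -> gaps in seconds between repeated packets.

    Repeats with an unchanged source port are one sender retrying one
    connection, not separate events; an empty list means a single packet.
    """
    times = defaultdict(list)
    for e in events:
        times[(e["src"], e["spt"], e["dpt"])].append(e["ts"])
    return {k: [(b - a).total_seconds() for a, b in zip(sorted(v), sorted(v)[1:])]
            for k, v in times.items()}


def classify(dpt, sources, min_peers=3):
    """Heuristic label for one destination port (thresholds are assumptions)."""
    if dpt in PROBED_SERVICES:
        return f"service probe ({PROBED_SERVICES[dpt]})"
    if dpt >= 1024 and sources >= min_peers:
        return "many sources, one unprivileged port (peer-to-peer pattern)"
    return "unclassified"


def triage(text):
    """Per destination port: distinct sources, packets, largest LEN and WINDOW."""
    by_port = defaultdict(list)
    for e in parse_log(text):
        by_port[e["dpt"]].append(e)
    report = {}
    for dpt, evs in by_port.items():
        sources = len({e["src"] for e in evs})
        report[dpt] = {"sources": sources, "packets": len(evs),
                       "max_len": max(e["len"] for e in evs),
                       "max_window": max(e["window"] for e in evs),
                       "verdict": classify(dpt, sources)}
    return report


if __name__ == "__main__":
    for port, row in sorted(triage(SAMPLE_LOG).items()):
        print(port, row)
```

On the sample, the port 41891 row reports `max_len` 64 next to `max_window` 65535, which is the difference between the size of the SYN packet and the window value it advertises.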






214 posts

Master Geek
Inactive user


  Reply # 464997 3-May-2011 20:31

It's a new install of Windows; no torrent software is on here.



214 posts

Master Geek
Inactive user


  Reply # 464999 3-May-2011 20:35

I have even run a live CD of Ubuntu and it still happens.......

Here is a most up to date list:





Note: my IP is 111.69.250.13



214 posts

Master Geek
Inactive user


  Reply # 465009 3-May-2011 21:00

Note a new IP: 111.69.240.51

May 3 21:00:04 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=208.80.194.27 DST=111.69.240.51 LEN=60 TOS=0x00 PREC=0x40 TTL=53 ID=30484 DF PROTO=TCP SPT=38133 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0

May 3 21:00:05 user alert kernel: Intrusion -> IN=ppp_0_0_100_1 OUT= MAC= SRC=208.80.194.27 DST=111.69.240.51 LEN=60 TOS=0x00 PREC=0x40 TTL=53 ID=30485 DF PROTO=TCP SPT=38133 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
