murkus and idaho45 gave me the following command:
gconftool-2 --set --type string /apps/firestarter/client/system_log /var/log/iptables.log
which is a long answer to a short question
Time:Aug 24 19:53:56 Direction: Unknown In:eth0 Out: Port:34609 Source:168.95.192.1 Destination:192.168.0.101 Length:220 TOS:0x00 Protocol:UDP Service:Unknown
Time:Aug 24 22:23:31 Direction: Unknown In:eth0 Out: Port:34662 Source:168.95.192.1 Destination:192.168.0.101 Length:485 TOS:0x00 Protocol:UDP Service:Unknown
Time:Aug 24 22:55:28 Direction: Unknown In:eth0 Out: Port:34683 Source:168.95.192.1 Destination:192.168.0.101 Length:150 TOS:0x00 Protocol:UDP Service:Unknown
Time:Aug 25 21:13:54 Direction: Unknown In:eth0 Out: Port:34736 Source:168.95.192.1 Destination:192.168.0.101 Length:296 TOS:0x00 Protocol:UDP Service:Unknown
Time:Aug 25 21:44:33 Direction: Unknown In:eth0 Out: Port:34774 Source:168.95.192.1 Destination:192.168.0.101 Length:277 TOS:0x00 Protocol:UDP Service:Unknown
Time:Aug 25 22:16:01 Direction: Unknown In:eth0 Out: Port:34791 Source:168.95.192.1 Destination:192.168.0.101 Length:298 TOS:0x00 Protocol:UDP Service:Unknown
Time:Aug 26 22:34:39 Direction: Unknown In:eth0 Out: Port:34891 Source:168.95.192.1 Destination:192.168.0.101 Length:172 TOS:0x00 Protocol:UDP Service:Unknown
Time:Aug 26 23:37:36 Direction: Unknown In:eth0 Out: Port:34903 Source:168.95.192.1 Destination:192.168.0.101 Length:144 TOS:0x00 Protocol:UDP Service:Unknown
Suggestions?
Go to grc.com and find the ShieldsUP page.
Scan yourself, and if you aren't fully "stealthed", have a tinker with your firewall/router rules.
Any incoming packets that aren't associated with a program you are running should be dropped.
It's likely that the above scan is set up to scan a large range of IP address blocks looking for ports that can be used to forward traffic like a proxy for masking a spammer's address. Hence it appears to be slow from your point of view.
It's also likely that the scanning address has been hijacked too.
As Grail suggested, maybe it's a misconfigured app, although I can't think of one that would do such a slow scan across such a range.
Regardless of what or why, take it as a wake-up call to overhaul how your firewall/router handles things. Can't be too careful.
hth
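To weigh the "slow scan" reading against the log itself, the events can be parsed and summarised per source. This is an added example, not part of the original posts: the field layout is inferred from the log lines in this thread, the sample events are copied from it, and the year is an assumption because the log omits it.

```python
import re
from collections import defaultdict
from datetime import datetime

# Events copied from the thread (the first one wrapped, as it was posted).
SAMPLE = """\
Time:Aug 10 22:20:37 Direction: Unknown In:eth0 Out: Port:32894 Source:168.95.192.1 Destination:192.168.0.101 Length:79
TOS:0x00 Protocol:UDP Service:Sun-RPC portmap
Time:Aug 11 00:14:41 Direction: Unknown In:eth0 Out: Port:32939 Source:168.95.192.1 Destination:192.168.0.101 Length:178 TOS:0x00 Protocol:UDP Service:Unknown
Time:Aug 24 19:53:56 Direction: Unknown In:eth0 Out: Port:34609 Source:168.95.192.1 Destination:192.168.0.101 Length:220 TOS:0x00 Protocol:UDP Service:Unknown
Time:Aug 24 22:23:31 Direction: Unknown In:eth0 Out: Port:34662 Source:168.95.192.1 Destination:192.168.0.101 Length:485 TOS:0x00 Protocol:UDP Service:Unknown
"""

# Field layout inferred from the lines above; \s+ before TOS tolerates wrapping.
EVENT = re.compile(
    r"Time:(?P<time>\w{3} +\d+ \d\d:\d\d:\d\d) .*?"
    r"Port:(?P<port>\d+) Source:(?P<src>\S+) Destination:(?P<dst>\S+) "
    r"Length:(?P<length>\d+)\s+TOS:\S+ Protocol:(?P<proto>\S+)"
)

def parse_events(text, year=2000):
    """Yield one dict per event; `year` is assumed, the log does not record it."""
    for m in EVENT.finditer(text):
        ev = m.groupdict()
        ev["time"] = datetime.strptime(f"{year} {ev['time']}", "%Y %b %d %H:%M:%S")
        ev["port"] = int(ev["port"])
        ev["length"] = int(ev["length"])
        yield ev

def summarize(events):
    """Group events by (source, protocol) and describe port and timing patterns."""
    groups = defaultdict(list)
    for ev in events:
        groups[(ev["src"], ev["proto"])].append(ev)
    report = {}
    for key, evs in groups.items():
        evs.sort(key=lambda e: e["time"])
        ports = [e["port"] for e in evs]
        gaps = [(b["time"] - a["time"]).total_seconds() for a, b in zip(evs, evs[1:])]
        report[key] = {
            "events": len(evs),
            "distinct_ports": len(set(ports)),
            "port_range": (min(ports), max(ports)),
            "ports_ascending": all(a < b for a, b in zip(ports, ports[1:])),
            "shortest_gap_s": min(gaps) if gaps else None,
        }
    return report

if __name__ == "__main__":
    for key, stats in summarize(parse_events(SAMPLE)).items():
        print(key, stats)
```

For the four sample events this reports four distinct, strictly ascending destination ports and a shortest gap of 6844 seconds between hits.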
Time:Aug 10 22:20:37 Direction: Unknown In:eth0 Out: Port:32894 Source:168.95.192.1 Destination:192.168.0.101 Length:79 TOS:0x00 Protocol:UDP Service:Sun-RPC portmap
Time:Aug 11 00:14:41 Direction: Unknown In:eth0 Out: Port:32939 Source:168.95.192.1 Destination:192.168.0.101 Length:178 TOS:0x00 Protocol:UDP Service:Unknown
Time:Aug 11 18:45:50 Direction: Unknown In:eth0 Out: Port:32989 Source:168.95.192.1 Destination:192.168.0.101 Length:148 TOS:0x00 Protocol:UDP Service:Unknown
Time:Aug 12 10:08:56 Direction: Unknown In:eth0 Out: Port:33160 Source:168.95.192.1 Destination:192.168.0.101 Length:183 TOS:0x00 Protocol:UDP Service:Unknown
And a little while later.
Time:Aug 17 22:34:14 Direction: Unknown In:eth0 Out: Port:33855 Source:168.95.192.1 Destination:192.168.0.101 Length:56 TOS:0x00 Protocol:UDP Service:Unknown
Time:Aug 18 19:57:20 Direction: Unknown In:eth0 Out: Port:33909 Source:168.95.192.1 Destination:192.168.0.101 Length:312 TOS:0x00 Protocol:UDP Service:Unknown
Time:Aug 18 20:43:19 Direction: Unknown In:eth0 Out: Port:33921 Source:168.95.192.1 Destination:192.168.0.101 Length:197 TOS:0x00 Protocol:UDP Service:Unknown
Time:Aug 18 20:52:32 Direction: Unknown In:eth0 Out: Port:33923 Source:168.95.192.1 Destination:192.168.0.101 Length:248 TOS:0x00 Protocol:UDP Service:Unknown
Time:Aug 18 22:01:54 Direction: Unknown In:eth0 Out: Port:34047 Source:168.95.192.1 Destination:192.168.0.101 Length:133 TOS:0x00 Protocol:UDP Service:Unknown
Time:Aug 18 22:32:32 Direction: Unknown In:eth0 Out: Port:34056 Source:168.95.192.1 Destination:192.168.0.101 Length:120 TOS:0x00 Protocol:UDP Service:Unknown
Suggestions?