410 incidents today of hitting my firewall [good grief] [firewall]
Q: Tue, 11.01.2005 5:34:47 – TCP connection is broken – Source: 65.6.2.167, 19557, WAN – Destination: xx.xx.xx.x, 24932, LAN – to set “TCP Abnormally 977 503 977 503 410 ———-
End Sign of times in about 16 hours.
jC
Re: I wouldn't worry about it as long as your firewall is blocking it and it's not causing any service disruptions.
410 in 16hrs might seem like a lot, but it isn't.
When Blaster was released, we had over 100,000 scans across all of our blocks in 12 hours.
Re: Only 410 hits? When the Sasser worm and other variants are out there I get that many in an hour. I just smile at the fact that I have a firewall doing its job.
Re: Originally posted by: guy
what is the usual cause of these? Unknown attacks from a virus or just some ahole trying to be a butt?
jC
Well, in my case the offending IP address is 69.24.160.1. It looks like a user block of IPs for the ISP according to arin.net.
Re: what is the usual cause of these? Unknown attacks from a virus or just some ahole trying to be a butt?
jC
Re: That's really interesting. My firewall has been picking up tons of abnormal TCP packets from my ISP. Granted it's on port 0 which according to some people on nmap is used for OS fingerprinting.
Tags: firewall, good grief