I have now got a big part of my log file problems taken care of, I hope. Since I was getting many DENY entries from just a few common IPs, I spent time trying to see what was in common so I could remove so many logs from these IPs. This is what I found:

1. - There were four common IPs: 200.*.*.*, 24.*.*.*, 169.*.*.*, and 10.*.*.*. All four of these had one thing in common, the return IP. This was 255.255.255.255. I thought that the return IP was nothing more than a mask. So I added a deny line for each IP that looks like:

    ipchains -A input -j DENY -s 200.0.0.0/8 -d 255.255.255.255 -i eth1

This seems to have removed many entries from my log file. Could this be a problem later on?

2. - Now that I have been able to "clean up" my log file, I have been able to see the following in the log:

    Jul 20 18:25:21 localhost kernel: Packet log: input DENY eth1 PROTO=17 24.1.224.10:121 24.1.231.255:121 L=50 S=0x00 I=46385 F=0x0000 T=30 (#39)

In this case the source IP and the destination IP seem to be valid. Any ideas on what I should do? I know that these IPs are on the Cox network, so does this mean that Cox is checking on something, or that someone on the Cox network is looking for something?

3. - There are now a couple of IPs that have the return IP of 255.255.255.255 that I did not notice before. Should I do the same with each of these IPs or not?

Thank You,
David Demland
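
An added example, not part of the original message: a Python parser for the ipchains packet-log format quoted above that labels each denied packet's destination as limited broadcast, directed broadcast, or unicast, and counts entries per source. The subnet 24.1.224.0/21 is an assumption (the message gives no netmask), the function names are hypothetical, and the second and third sample lines are constructed.

```python
import ipaddress
import re
from collections import Counter

# ipchains log layout: chain target iface PROTO=n src:port dst:port L S I F T (#rule)
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ipid>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?: \(#(?P<rule>\d+)\))?"
)
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")
# First line is from the message; the other two are constructed for illustration.
SAMPLE = [
    "Jul 20 18:25:21 localhost kernel: Packet log: input DENY eth1 PROTO=17 "
    "24.1.224.10:121 24.1.231.255:121 L=50 S=0x00 I=46385 F=0x0000 T=30 (#39)",
    "Jul 20 18:26:02 localhost kernel: Packet log: input DENY eth1 PROTO=17 "
    "10.0.0.1:67 255.255.255.255:68 L=328 S=0x00 I=100 F=0x0000 T=64 (#12)",
    "Jul 20 18:27:40 localhost kernel: Packet log: input DENY eth1 PROTO=6 "
    "24.1.224.77:4021 24.1.226.5:23 L=44 S=0x00 I=7731 F=0x0000 T=52 (#39)",
]

def parse_line(line):
    """Return the log fields as a dict (numeric fields as int), or None if no match."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "length", "ipid", "ttl"):
        rec[key] = int(rec[key])
    rec["rule"] = int(rec["rule"]) if rec["rule"] else None
    return rec

def classify_destination(dst, local_net):
    """Label dst relative to local_net (an assumed subnet, not stated in the message)."""
    addr = ipaddress.ip_address(dst)
    if addr == LIMITED_BROADCAST:
        return "limited-broadcast"
    if addr == ipaddress.ip_network(local_net).broadcast_address:
        return "directed-broadcast"
    return "unicast"

def summarize(lines, local_net="24.1.224.0/21"):
    """Count denied packets per (source, protocol number, dest port, destination class)."""
    counts = Counter()
    for rec in filter(None, map(parse_line, lines)):
        kind = classify_destination(rec["dst"], local_net)
        counts[(rec["src"], rec["proto"], rec["dport"], kind)] += 1
    return counts
```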