Ray:
Good point. I agree that it's *far* more likely
that seeing RFC-1918 addresses on your external interface
in a cable-modem setting is a problem with your neighbor's
PC settings than it is a legitimate attack.
What makes me reconsider that caveat in this
case, however, was the TTL number:
>> Jun 15 23:50:55 bluetrout kernel: Packet log: input DENY
>> eth0 PROTO=17 192.168.0.2:137 a.b.c.d:137 L=78 S=0x00
>> I=1498 F=0x0000 T=107 (#11)
A TTL of 107 wouldn't be my neighbor; I'd expect
more like 127 or 126 (given that most Windoze versions start,
for whatever reason, at 128). If not for that, I'd agree
that this was most likely just uninteresting background noise.
-Scott
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
http://lists.sourceforge.net/lists/listinfo/leaf-user
