Help with apf log (Firewall)

xgeek · Nov 20, 2004

Hi Guys,

This is my first post so go easy on me

Been with as shared host for an number of years and only recently (last week) moved to a dedicated box with DA as the user interface.
All seems to be going well and I like DA so far.

Although my question is non-DA related I am hoping someone would be kind enough to lend a helpinhg hand.

Okay I have just installed apf as my firewall. It all looks very straight forward and I don't think I have any major issues, except possibly one!

I have just checked my syslog and with the apf enabled I get a log every few seconds.
My shared server ip is = 65.215.220.188
and 65.248.51.5 is one of my static ip's (not used yet).

If I am reading this log right (and I am most probably not).
There seems to be an incoming TCP connection every few seconds from different ip's all on different source ports. All trying to connect to 65.248.51.5 on port 8754.

Now my question is why? What is port 8754 used for and why are all these ip's trying to access it with my ip of 65.248.51.5

Is this a problem or am I missing somthing?

Many thanks in advance
Xgeek

Code:

11-20-2004	12:05:10	Kernel.Warning	65.215.220.188	kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0c:f1:a8:ee:5b:00:11:11:41:3d:2b:08:00 SRC=61.215.144.2 DST=65.248.51.5 LEN=52 TOS=0x04 PREC=0x00 TTL=110 ID=40455 DF PROTO=TCP SPT=3027 DPT=8754 WINDOW=55424 RES=0x00 SYN URGP=0 OPT (020405980103030201010402)
11-20-2004	12:05:09	Kernel.Warning	65.215.220.188	kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0c:f1:a8:ee:5b:00:11:11:41:3d:2b:08:00 SRC=220.75.164.118 DST=65.248.51.5 LEN=48 TOS=0x04 PREC=0x00 TTL=111 ID=49685 DF PROTO=TCP SPT=2418 DPT=8754 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B401010402)
11-20-2004	12:05:09	Kernel.Warning	65.215.220.188	kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0c:f1:a8:ee:5b:00:11:11:41:3d:2b:08:00 SRC=221.143.216.197 DST=65.248.51.5 LEN=48 TOS=0x04 PREC=0x00 TTL=113 ID=3789 DF PROTO=TCP SPT=1322 DPT=8754 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
11-20-2004	12:05:07	Kernel.Warning	65.215.220.188	kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0c:f1:a8:ee:5b:00:11:11:41:3d:2b:08:00 SRC=61.215.144.2 DST=65.248.51.5 LEN=52 TOS=0x04 PREC=0x00 TTL=110 ID=40187 DF PROTO=TCP SPT=3027 DPT=8754 WINDOW=55424 RES=0x00 SYN URGP=0 OPT (020405980103030201010402)
11-20-2004	12:05:06	Kernel.Warning	65.215.220.188	kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0c:f1:a8:ee:5b:00:11:11:41:3d:2b:08:00 SRC=220.75.164.118 DST=65.248.51.5 LEN=48 TOS=0x04 PREC=0x00 TTL=111 ID=49683 DF PROTO=TCP SPT=2418 DPT=8754 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B401010402)
11-20-2004	12:04:58	Kernel.Warning	65.215.220.188	kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0c:f1:a8:ee:5b:00:11:11:41:3d:2b:08:00 SRC=24.45.98.220 DST=65.248.51.5 LEN=48 TOS=0x04 PREC=0x00 TTL=109 ID=18919 DF PROTO=TCP SPT=1557 DPT=8754 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
11-20-2004	12:04:53	Kernel.Warning	65.215.220.188	kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0c:f1:a8:ee:5b:00:11:11:41:3d:2b:08:00 SRC=219.249.135.93 DST=65.248.51.5 LEN=48 TOS=0x04 PREC=0x00 TTL=115 ID=1431 DF PROTO=TCP SPT=4958 DPT=8754 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
11-20-2004	12:04:52	Kernel.Warning	65.215.220.188	kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0c:f1:a8:ee:5b:00:11:11:41:3d:2b:08:00 SRC=24.45.98.220 DST=65.248.51.5 LEN=48 TOS=0x04 PREC=0x00 TTL=109 ID=18918 DF PROTO=TCP SPT=1557 DPT=8754 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
11-20-2004	12:04:49	Kernel.Warning	65.215.220.188	kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0c:f1:a8:ee:5b:00:11:11:41:3d:2b:08:00 SRC=24.45.98.220 DST=65.248.51.5 LEN=48 TOS=0x04 PREC=0x00 TTL=109 ID=18917 DF PROTO=TCP SPT=1557 DPT=8754 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (020405B401010402)
11-20-2004	12:04:47	Kernel.Warning	65.215.220.188	kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0c:f1:a8:ee:5b:00:11:11:41:3d:2b:08:00 SRC=219.249.135.93 DST=65.248.51.5 LEN=48 TOS=0x04 PREC=0x00 TTL=115 ID=959 DF PROTO=TCP SPT=4958 DPT=8754 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
11-20-2004	12:04:46	Kernel.Warning	65.215.220.188	kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0c:f1:a8:ee:5b:00:11:11:41:3d:2b:08:00 SRC=24.21.233.251 DST=65.248.51.5 LEN=48 TOS=0x04 PREC=0x00 TTL=116 ID=53771 DF PROTO=TCP SPT=4976 DPT=8754 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (0204059C01010402)
11-20-2004	12:04:44	Kernel.Warning	65.215.220.188	kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0c:f1:a8:ee:5b:00:11:11:41:3d:2b:08:00 SRC=219.249.135.93 DST=65.248.51.5 LEN=48 TOS=0x04 PREC=0x00 TTL=115 ID=716 DF PROTO=TCP SPT=4958 DPT=8754 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
11-20-2004	12:04:44	Kernel.Warning	65.215.220.188	kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0c:f1:a8:ee:5b:00:11:11:41:3d:2b:08:00 SRC=221.167.0.75 DST=65.248.51.5 LEN=48 TOS=0x04 PREC=0x00 TTL=114 ID=55387 DF PROTO=TCP SPT=2848 DPT=8754 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (0204058601010402)
11-20-2004	12:04:40	Kernel.Warning	65.215.220.188	kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0c:f1:a8:ee:5b:00:11:11:41:3d:2b:08:00 SRC=24.21.233.251 DST=65.248.51.5 LEN=48 TOS=0x04 PREC=0x00 TTL=116 ID=53770 DF PROTO=TCP SPT=4976 DPT=8754 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (0204059C01010402)
11-20-2004	12:04:39	Kernel.Warning	65.215.220.188	kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0c:f1:a8:ee:5b:00:11:11:41:3d:2b:08:00 SRC=213.10.213.29 DST=65.248.51.5 LEN=48 TOS=0x04 PREC=0x00 TTL=112 ID=41963 DF PROTO=TCP SPT=3211 DPT=8754 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (0204055001010402)
11-20-2004	12:04:38	Kernel.Warning	65.215.220.188	kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0c:f1:a8:ee:5b:00:11:11:41:3d:2b:08:00 SRC=221.167.0.75 DST=65.248.51.5 LEN=48 TOS=0x04 PREC=0x00 TTL=114 ID=55346 DF PROTO=TCP SPT=2848 DPT=8754 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (0204058601010402)
11-20-2004	12:04:37	Kernel.Warning	65.215.220.188	kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0c:f1:a8:ee:5b:00:11:11:41:3d:2b:08:00 SRC=24.21.233.251 DST=65.248.51.5 LEN=48 TOS=0x04 PREC=0x00 TTL=116 ID=53769 DF PROTO=TCP SPT=4976 DPT=8754 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (0204059C01010402)
11-20-2004	12:04:35	Kernel.Warning	65.215.220.188	kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0c:f1:a8:ee:5b:00:11:11:41:3d:2b:08:00 SRC=24.19.39.174 DST=65.248.51.5 LEN=48 TOS=0x04 PREC=0x00 TTL=116 ID=29051 DF PROTO=TCP SPT=4710 DPT=8754 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B401010402)
11-20-2004	12:04:35	Kernel.Warning	65.215.220.188	kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0c:f1:a8:ee:5b:00:11:11:41:3d:2b:08:00 SRC=221.167.0.75 DST=65.248.51.5 LEN=48 TOS=0x04 PREC=0x00 TTL=114 ID=55316 DF PROTO=TCP SPT=2848 DPT=8754 WINDOW=65535 RES=0x00 SYN URGP=0 OPT (0204058601010402)
11-20-2004	12:04:33	Kernel.Warning	65.215.220.188	kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0c:f1:a8:ee:5b:00:11:11:41:3d:2b:08:00 SRC=213.10.213.29 DST=65.248.51.5 LEN=48 TOS=0x04 PREC=0x00 TTL=112 ID=41874 DF PROTO=TCP SPT=3211 DPT=8754 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (0204055001010402)
11-20-2004	12:04:30	Kernel.Warning	65.215.220.188	kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0c:f1:a8:ee:5b:00:11:11:41:3d:2b:08:00 SRC=213.10.213.29 DST=65.248.51.5 LEN=48 TOS=0x04 PREC=0x00 TTL=112 ID=41844 DF PROTO=TCP SPT=3211 DPT=8754 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (0204055001010402)
11-20-2004	12:04:29	Kernel.Warning	65.215.220.188	kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0c:f1:a8:ee:5b:00:11:11:41:3d:2b:08:00 SRC=24.19.39.174 DST=65.248.51.5 LEN=48 TOS=0x04 PREC=0x00 TTL=116 ID=28873 DF PROTO=TCP SPT=4710 DPT=8754 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B401010402)
11-20-2004	12:04:29	Kernel.Warning	65.215.220.188	kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0c:f1:a8:ee:5b:00:11:11:41:3d:2b:08:00 SRC=221.163.237.106 DST=65.248.51.5 LEN=64 TOS=0x04 PREC=0x00 TTL=46 ID=39037 DF PROTO=TCP SPT=3550 DPT=8754 WINDOW=60352 RES=0x00 SYN URGP=0 OPT (020405B4010303020101080A000000000000000001010402)
11-20-2004	12:04:28	Kernel.Warning	65.215.220.188	kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0c:f1:a8:ee:5b:00:11:11:41:3d:2b:08:00 SRC=210.124.106.254 DST=65.248.51.5 LEN=48 TOS=0x04 PREC=0x00 TTL=107 ID=45410 DF PROTO=TCP SPT=34087 DPT=8754 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
11-20-2004	12:04:26	Kernel.Warning	65.215.220.188	kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0c:f1:a8:ee:5b:00:11:11:41:3d:2b:08:00 SRC=24.19.39.174 DST=65.248.51.5 LEN=48 TOS=0x04 PREC=0x00 TTL=116 ID=28743 DF PROTO=TCP SPT=4710 DPT=8754 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B401010402)
11-20-2004	12:04:23	Kernel.Warning	65.215.220.188	kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0c:f1:a8:ee:5b:00:11:11:41:3d:2b:08:00 SRC=221.163.237.106 DST=65.248.51.5 LEN=64 TOS=0x04 PREC=0x00 TTL=46 ID=38770 DF PROTO=TCP SPT=3550 DPT=8754 WINDOW=60352 RES=0x00 SYN URGP=0 OPT (020405B4010303020101080A000000000000000001010402)
11-20-2004	12:04:22	Kernel.Warning	65.215.220.188	kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0c:f1:a8:ee:5b:00:11:11:41:3d:2b:08:00 SRC=210.124.106.254 DST=65.248.51.5 LEN=48 TOS=0x04 PREC=0x00 TTL=107 ID=45407 DF PROTO=TCP SPT=34087 DPT=8754 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
11-20-2004	12:04:20	Kernel.Warning	65.215.220.188	kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0c:f1:a8:ee:5b:00:11:11:41:3d:2b:08:00 SRC=221.163.237.106 DST=65.248.51.5 LEN=64 TOS=0x04 PREC=0x00 TTL=46 ID=38634 DF PROTO=TCP SPT=3550 DPT=8754 WINDOW=60352 RES=0x00 SYN URGP=0 OPT (020405B4010303020101080A000000000000000001010402)
11-20-2004	12:04:19	Kernel.Warning	65.215.220.188	kernel: ** IN_TCP DROP ** IN=eth0 OUT= MAC=00:0c:f1:a8:ee:5b:00:11:11:41:3d:2b:08:00 SRC=210.124.106.254 DST=65.248.51.5 LEN=48 TOS=0x04 PREC=0x00 TTL=107 ID=45406 DF PROTO=TCP SPT=34087 DPT=8754 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)

Help with apf log (Firewall)

xgeek

Verified User