what am i looking at, aside from my firewall's WAN side being hit by hosts from the private ranges 10.58.6.0/24 and 10.58.16.0/24 ? I assume these are CL hosts because I would assume CL has reverse path filtering, etc
22feb2015
############
10.58.6.155
10.58.6.35
10.58.6.123
10.58.6.173
10.58.6.41
10.58.6.77
Feb 22 01:46:17 kernel: IN=eth0 OUT= MAC=xxx SRC=10.58.6.155 DST=67.237.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=19278 DF PROTO=TCP SPT=443 DPT=48083 WINDOW=8192 RES=0x00 ACK SYN URGP=0
Feb 22 01:46:17 kernel: IN=eth0 OUT= MAC=xxx SRC=10.58.6.35 DST=67.237.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=10699 DF PROTO=TCP SPT=443 DPT=48085 WINDOW=8192 RES=0x00 ACK SYN URGP=0
Feb 22 01:46:17 kernel: IN=eth0 OUT= MAC=xxx SRC=10.58.6.123 DST=67.237.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=10694 DF PROTO=TCP SPT=443 DPT=48086 WINDOW=8192 RES=0x00 ACK SYN URGP=0
Feb 22 01:46:28 kernel: IN=eth0 OUT= MAC=xxx SRC=10.58.6.173 DST=67.237.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=117 ID=14944 DF PROTO=TCP SPT=443 DPT=48080 WINDOW=0 RES=0x00 RST URGP=0
Feb 22 01:46:29 kernel: IN=eth0 OUT= MAC=xxx SRC=10.58.6.123 DST=67.237.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=117 ID=15951 DF PROTO=TCP SPT=443 DPT=48082 WINDOW=0 RES=0x00 RST URGP=0
Feb 22 01:46:29 kernel: IN=eth0 OUT= MAC=xxx SRC=10.58.6.155 DST=67.237.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=117 ID=24708 DF PROTO=TCP SPT=443 DPT=48083 WINDOW=0 RES=0x00 RST URGP=0
Feb 22 01:46:30 kernel: IN=eth0 OUT= MAC=xxxSRC=10.58.6.41 DST=67.237.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=117 ID=14004 DF PROTO=TCP SPT=443 DPT=48090 WINDOW=0 RES=0x00 RST URGP=0
Feb 22 01:46:31 kernel: IN=eth0 OUT= MAC=xxx SRC=10.58.6.77 DST=67.237.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=117 ID=694 DF PROTO=TCP SPT=443 DPT=48091 WINDOW=0 RES=0x00 RST URGP=0
Feb 22 01:46:32 kernel: IN=eth0 OUT= MAC=xxx SRC=10.58.6.173 DST=67.237.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=117 ID=16299 DF PROTO=TCP SPT=443 DPT=48092 WINDOW=0 RES=0x00 RST URGP=0
C:\Users\adrian>tracert 10.58.6.155 (2:40am)
Tracing route to 10.58.6.155 over a maximum of 30 hops
1 1 ms 1 ms 1 ms router.asus.com [192.168.87.1]
2 9 ms 8 ms 8 ms fl-67-237-xx-xx.dhcp.embarqhsd.net [67.237.xx.xx]
3 * * * Request timed out.
4 * * * Request timed out.
############
10.58.16.109
10.58.16.103
10.58.16.39
10.58.16.128
10.58.16.134
Feb 22 02:06:26 kernel: IN=eth0 OUT= MAC=xxx SRC=10.58.16.109 DST=67.237.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=14922 DF PROTO=TCP SPT=443 DPT=13748 WINDOW=8192 RES=0x00 ACK SYN URGP=0
Feb 22 02:06:36 kernel: IN=eth0 OUT= MAC=xxx SRC=10.58.16.103 DST=67.237.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=117 ID=8472 DF PROTO=TCP SPT=443 DPT=13743 WINDOW=0 RES=0x00 RST URGP=0
Feb 22 02:06:38 kernel: IN=eth0 OUT= MAC=xxx SRC=10.58.16.109 DST=67.237.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=117 ID=30136 DF PROTO=TCP SPT=443 DPT=13748 WINDOW=0 RES=0x00 RST URGP=0
Feb 22 02:09:23 kernel: IN=eth0 OUT= MAC=xxx SRC=10.58.16.39 DST=67.237.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=117 ID=22517 DF PROTO=TCP SPT=443 DPT=1718 WINDOW=0 RES=0x00 RST URGP=0
Feb 22 02:09:24 kernel: IN=eth0 OUT= MAC=xxx SRC=10.58.16.128 DST=67.237.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=117 ID=19922 DF PROTO=TCP SPT=443 DPT=1720 WINDOW=0 RES=0x00 RST URGP=0
Feb 22 02:09:24 kernel: IN=eth0 OUT= MAC=xxx SRC=10.58.16.134 DST=67.237.xx.xx LEN=40 TOS=0x00 PREC=0x00 TTL=117 ID=8818 DF PROTO=TCP SPT=443 DPT=1721 WINDOW=0 RES=0x00 RST URGP=0
C:\Users\adrian>tracert 10.58.16.39 (2:40am)
Tracing route to 10.58.16.39 over a maximum of 30 hops
1 1 ms 1 ms 1 ms router.asus.com [192.168.87.1]
2 8 ms 8 ms 9 ms fl-67-237-xx-xx.dhcp.embarqhsd.net [67.237.xx.xx]
3 * * * Request timed out.
↧