dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
846
share rss forum feed

PariahInIowa

join:2011-07-14

Sagem 1704 security, repeated intrusions

Hi guys,

I've been getting intrusion alerts in the log of my Windstream-supplied router/modem for a more than a year, and I'm concerned. I've mentioned it to quite a few techs and service guys, and I'm never able to get any help with it. Everyone dismisses it or misconstrues it as a flaw in local security (a neighbor or something).

The log entries look like this, though I've redacted MAC and IP numbers:

kernel: Intrusion -> IN=atm0 OUT= MAC=7c:03:4c:21:a2:df:00:0e:xx:xx:xx:xx:08:00 SRC=217.219.164.117 DST=132.123.123.123 LEN=52 TOS=0x00 PREC=0x00 TTL=109 ID=19018 DF PROTO=TCP SPT=50326 DPT=445 WINDOW=8192 RES=0x00
 

Anyone have any idea what this could indicate? I am getting hits like this from various source addresses up to a few times a minute. I also periodically see indications that the modem's NIC has entered promiscuous mode.

Does Windstream bear any responsibility for insecure routers? My average latency is already relatively poor, with typical pings being in the 100-220ms range - would I take a significant hit if I added a third party router (Linksys or DLink or something) between the Windstream device and my local network? Would this, in fact, protect my local traffic? What would need to happen to protect my remote traffic?

Thanks,
Pariah


Napsterbater
Meh
Premium,MVM
join:2002-12-28
Milledgeville, GA

Its internet background noise, ignore it.

and no adding another router will not help with latency or security but it can possibly just cause issues with some applications because of double NAT


PariahInIowa

join:2011-07-14

said by Napsterbater:

Its internet background noise, ignore it.

A kernel intrusion doesn't really sound like background noise to me. Can you please explain what exactly you think the log is indicating and why it's unimportant?

said by Napsterbater:

and no adding another router will not help with latency or security but it can possibly just cause issues with some applications because of double NAT

I understand that adding a second router wouldn't IMPROVE my pings, but I intended to determine how much it would hurt them. As for security, I'm pretty sure that the new NAT is exactly what would improve security. The NAT functions like a firewall, and if the modem/router from Windstream can't be trusted, then the firewall needs to be between it and my network, right? And I'm not sure which applications you're suggesting will become problematic (UPNP stuff?), but wouldn't setting the sagem to bridge mode eliminate them?


Napsterbater
Meh
Premium,MVM
join:2002-12-28
Milledgeville, GA
Reviews:
·Windstream

Anything with a public IP is hammered everyday with scans and probes and connection attempts, the logs on most SOHO modems and router spout all kinds of dire warnings for every little BS thing, its not letting it though it just saying it "detected" it.

Unless you modem is running Windows port 445 is no threat to it anyways..

»www.grc.com/port_445.htm

(Goto port 445)
»en.wikipedia.org/wiki/List_of_TC···_numbers

Sure if you bridge the 1704 then yes that would eliminate the double NAT, but now the new router is just as "exposed" to the same "threat" and will deal with it in a similar way, drop it and possibly log somthing similar.

So you haven't gained anything.

You best bet is ignore the firewall logs and go about you day.
--
ASUS M4A79T Deluxe | AMD Phenom II x3 720 BE AM3 w/4 Cores @ 3.41Ghz(OC) | 8GB DDR3 Memory @ 1600mhz | Sapphire ATI HD4870 1GB 800mhz/1000mhz(OC) | 2x500GB HDD's Raid 0 | Windows 7 Ultimate x64| Windstream DSL 12m (14.9m Sync)/766k


PariahInIowa

join:2011-07-14

said by Napsterbater:

Anything with a public IP is hammered everyday with scans and probes and connection attempts, the logs on most SOHO modems and router spout all kinds of dire warnings for every little BS thing, its not letting it though it just saying it "detected" it.

Do you have any documentation for the log message I'm getting in particular? If you're just going to make assumptions without any real information, I don't know why they'd be optimistic or why you'd be so assertive in suggesting so. So, please, just give me a link to the documentation you're sourcing your information from. Or if you've some knowledge of how these messages are generated, please explain what precisely triggers them.

said by Napsterbater:

Unless you modem is running Windows port 445 is no threat to it anyways..
The intrusion message doesn't always show the same destination port.

said by Napsterbater:

Sure if you bridge the 1704 then yes that would eliminate the double NAT, but now the new router is just as "exposed" to the same "threat" and will deal with it in a similar way, drop it and possibly log somthing similar.

A new third-party router would give me peace of mind, if nothing else - if I owned a Belkin/Linksys/Netgear/whatever modem and it was showing a bunch of concerning logs, I guarantee you that I'd be able to get some support in diagnosing them. Instead, with this Sagem all I'm getting is a bunch of non-informative dismissals. I can't even find a proper manual for the device.

said by Napsterbater:

You best bet is ignore the firewall logs and go about you day.

My best bet would be to find some way to understand what exactly the log messages would mean. If you don't have any idea, then please stop trying to convince me that it's no big deal.


Windstream
Premium,VIP
join:2009-03-31
Twinsburg, OH
kudos:38

The kernel (software) on your router is letting you know that somebody tried to connect ('intrude') to your WAN IP address.

This happens all the time, entire botnets are dedicated to trying to connect to random IP addresses at certain ports to try default user/password combinations to see if they can find weak security/passwords somewhere. However because the router denies this, there is no problem.

The 'intrusions' being detected are usually harmless, you should worry more about the ones that are not logged, or depending on what type of "soft firewall' (McAfee, Norton,etc.) you have, what might actually be logged on your PC or antivirus software.

Adding a third party router would not really make much of a difference unless your modem was getting hit so much that it was dropping it's WAN IP to grab a new one (typically a bridged 3rd party router won't do this). However there have been times where we have identified malware (malicious software) on a customers PC that is contributing to the kernel intrusions by making you modem more 'visible'.

Run a thorough antivirus/malware scan on your PC (use antivirus software and malware software like Spybot S&D or Malwarebytes), if it doesn't turn up anything, and your modem is not dropping connection regularly I would not recommend any further action.

Aaron
Specialist II
--
We're here to help! wci.broadbandhelp@windstream.com


iowaboy
Premium
join:2004-02-28
Fairfield, IA
Reviews:
·Windstream
·WildBlue
reply to PariahInIowa

When I traced back the IPs of the intrusions into my router they came back to China and spammers here in USA. The big difference with the 1704 modem and router and the others is the 1704 does record the intrusions and the others like Cisco, Linksys and Belkin will just reject them and never record anything. I worried about all the intrusions till I read up on them and tracing them down.



NetEng

@windstream.net
reply to PariahInIowa

Your Sagemcom 1704 runs GNU/Linux, the kernel message you see is a direct result of the Linux ipt_LOG kernel module which exists/runs in the Linux netfilter kernel code which is responsible for iptables (was ipchains, was ipfw) -- the primary Linux network firewall. The kernel message you are seeing is nothing more than a -j LOG iptables statement on the INPUT chain (or a derived rule), likely a result of the iptables chain responsible for DNAT (Destination NAT).

The Linux source code for your DSL Modem/Router is at »opensource.sagemcom.com/

Scans for TCP 445 (Microsoft-DS) is HIGHLY normal; welcome to the public IPv4 Internet. You'll see TCP 22, 25, 110, 135-139, 443, 445, 993, 995, 5900-5905, 3128, etc. Read up on '/etc/services'

Your 3rd party replacement router will likely run GNU/Linux or VXWorks and potentially be less secure by 1) Not being Open Source, or 2) Suppressing these log messages for you. You've simply exposed yourself to greater knowledge by seeing these iptables ipt_LOG messages and get to enjoy RFC 1918 fun.

Here's some morons banging away at my Honeypot, I've redacted my destination address. These log messages are from a Linux router, NOT a Sagemcom 1704.

IN=ppp0 OUT= MAC= SRC=211.49.171.161 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=5927 DF PROTO=TCP SPT=59769 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=202.79.21.207 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=199 DF PROTO=TCP SPT=41064 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=116.122.37.81 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=9126 DF PROTO=TCP SPT=38129 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=61.139.54.71 DST=RED.AC.TE.D8 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=36235 PROTO=TCP SPT=11961 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=61.139.54.71 DST=RED.AC.TE.D7 LEN=48 TOS=0x00 PREC=0x00 TTL=105 ID=46652 PROTO=TCP SPT=11961 DPT=22 WINDOW=65535 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=222.234.2.135 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=44442 DF PROTO=TCP SPT=57368 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=203.81.218.26 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=47840 DF PROTO=TCP SPT=45976 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=211.172.241.54 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=46635 DF PROTO=TCP SPT=58042 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=113.30.103.3 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=31217 DF PROTO=TCP SPT=57056 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=202.4.96.219 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=28682 DF PROTO=TCP SPT=43757 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=218.237.50.11 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=25367 DF PROTO=TCP SPT=36126 DPT=5901 WINDOW=14600 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=1.226.250.151 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=58947 DF PROTO=TCP SPT=52389 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=116.127.121.83 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=32062 DF PROTO=TCP SPT=52821 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=190.85.75.138 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=12761 DF PROTO=TCP SPT=38831 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=192.184.50.216 DST=RED.AC.TE.D8 LEN=48 TOS=0x00 PREC=0x00 TTL=117 ID=26404 DF PROTO=TCP SPT=3936 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=1.226.250.151 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=46397 DF PROTO=TCP SPT=34983 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=1.224.59.67 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=27509 DF PROTO=TCP SPT=15634 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=221.141.2.48 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=11616 DF PROTO=TCP SPT=57239 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=1.224.59.67 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=27088 DF PROTO=TCP SPT=38293 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=221.139.50.11 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=52475 DF PROTO=TCP SPT=48471 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=211.49.171.161 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=37291 DF PROTO=TCP SPT=33835 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=211.172.241.54 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=40157 DF PROTO=TCP SPT=47905 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=203.156.144.207 DST=RED.AC.TE.D7 LEN=60 TOS=0x1C PREC=0x80 TTL=39 ID=29170 DF PROTO=TCP SPT=44467 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=1.237.57.61 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=11587 DF PROTO=TCP SPT=38429 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=1.237.57.61 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=20476 DF PROTO=TCP SPT=32990 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=202.4.96.219 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=39 ID=24845 DF PROTO=TCP SPT=50314 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=116.122.37.81 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=27535 DF PROTO=TCP SPT=34173 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=58.225.75.154 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=22687 DF PROTO=TCP SPT=53670 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=61.231.88.9 DST=RED.AC.TE.D7 LEN=40 TOS=0x00 PREC=0x00 TTL=106 ID=256 DF PROTO=TCP SPT=12200 DPT=21320 WINDOW=8192 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=218.237.50.11 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=60514 DF PROTO=TCP SPT=41525 DPT=5901 WINDOW=14600 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=203.81.218.26 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=18817 DF PROTO=TCP SPT=53165 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=61.231.88.9 DST=RED.AC.TE.D7 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=27348 DF PROTO=TCP SPT=2351 DPT=21320 WINDOW=64240 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=61.231.88.9 DST=RED.AC.TE.D7 LEN=48 TOS=0x00 PREC=0x00 TTL=105 ID=27633 DF PROTO=TCP SPT=2535 DPT=21320 WINDOW=64240 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=61.231.88.9 DST=RED.AC.TE.D7 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=27885 DF PROTO=TCP SPT=2991 DPT=21320 WINDOW=64240 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=61.231.88.9 DST=RED.AC.TE.D7 LEN=48 TOS=0x00 PREC=0x00 TTL=106 ID=28164 DF PROTO=TCP SPT=3263 DPT=21320 WINDOW=64240 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=202.22.205.143 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=42234 DF PROTO=TCP SPT=46477 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=202.22.205.143 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=53374 DF PROTO=TCP SPT=59065 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=203.156.144.209 DST=RED.AC.TE.D7 LEN=60 TOS=0x1C PREC=0x80 TTL=39 ID=49367 DF PROTO=TCP SPT=50980 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=190.85.75.138 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=25203 DF PROTO=TCP SPT=38334 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=222.234.2.135 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=21694 DF PROTO=TCP SPT=59537 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=113.30.103.3 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=26068 DF PROTO=TCP SPT=58828 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=94.102.48.167 DST=RED.AC.TE.D7 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=54321 PROTO=TCP SPT=39940 DPT=21320 WINDOW=65535 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=218.38.136.112 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=58848 DF PROTO=TCP SPT=48292 DPT=5901 WINDOW=14600 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=202.79.21.207 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=27214 DF PROTO=TCP SPT=56236 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=112.216.59.131 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=34878 DF PROTO=TCP SPT=52413 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=221.139.50.11 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=27277 DF PROTO=TCP SPT=45874 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=58.225.75.154 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=57377 DF PROTO=TCP SPT=33146 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=1.224.59.67 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=57160 DF PROTO=TCP SPT=37253 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=1.224.59.67 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=60450 DF PROTO=TCP SPT=21452 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=218.38.136.112 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=7420 DF PROTO=TCP SPT=52963 DPT=5901 WINDOW=14600 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=61.175.103.98 DST=RED.AC.TE.D8 LEN=40 TOS=0x00 PREC=0x00 TTL=100 ID=256 PROTO=TCP SPT=6000 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=61.175.103.98 DST=RED.AC.TE.D7 LEN=40 TOS=0x00 PREC=0x00 TTL=101 ID=256 PROTO=TCP SPT=6000 DPT=1433 WINDOW=16384 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=221.141.2.48 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=57613 DF PROTO=TCP SPT=33657 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=112.216.59.131 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=19047 DF PROTO=TCP SPT=43128 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=1.226.83.185 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=33745 DF PROTO=TCP SPT=34406 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=14.17.35.181 DST=RED.AC.TE.D7 LEN=40 TOS=0x00 PREC=0x00 TTL=41 ID=0 DF PROTO=TCP SPT=22207 DPT=1723 WINDOW=8192 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=14.17.35.181 DST=RED.AC.TE.D8 LEN=40 TOS=0x00 PREC=0x00 TTL=39 ID=0 DF PROTO=TCP SPT=22201 DPT=1723 WINDOW=8192 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=183.60.48.25 DST=RED.AC.TE.D7 LEN=48 TOS=0x00 PREC=0x00 TTL=42 ID=1359 DF PROTO=TCP SPT=56804 DPT=1723 WINDOW=64240 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=183.60.48.25 DST=RED.AC.TE.D8 LEN=48 TOS=0x00 PREC=0x00 TTL=41 ID=34689 DF PROTO=TCP SPT=10691 DPT=1723 WINDOW=64240 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=211.49.171.161 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=14011 DF PROTO=TCP SPT=49799 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=221.141.153.5 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=17831 DF PROTO=TCP SPT=36183 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=1.226.83.185 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=33141 DF PROTO=TCP SPT=51582 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=116.127.121.83 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=60707 DF PROTO=TCP SPT=49435 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=202.4.96.219 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=25806 DF PROTO=TCP SPT=40921 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=221.141.153.5 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=11463 DF PROTO=TCP SPT=43582 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=116.122.37.81 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=36269 DF PROTO=TCP SPT=58901 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=203.156.144.209 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=14058 DF PROTO=TCP SPT=59454 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=61.175.103.98 DST=RED.AC.TE.D7 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=28264 DF PROTO=TCP SPT=5140 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=61.175.103.98 DST=RED.AC.TE.D8 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=28263 DF PROTO=TCP SPT=5139 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=222.234.2.135 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=64592 DF PROTO=TCP SPT=47567 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=202.79.21.207 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=9774 DF PROTO=TCP SPT=57898 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=61.175.103.98 DST=RED.AC.TE.D7 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=100 DF PROTO=TCP SPT=5140 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=61.175.103.98 DST=RED.AC.TE.D8 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=99 DF PROTO=TCP SPT=5139 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=61.175.103.98 DST=RED.AC.TE.D7 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=11702 DF PROTO=TCP SPT=5140 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=61.175.103.98 DST=RED.AC.TE.D8 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=11701 DF PROTO=TCP SPT=5139 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=203.81.218.26 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=42 ID=64446 DF PROTO=TCP SPT=40965 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=61.175.103.98 DST=RED.AC.TE.D7 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=18900 DF PROTO=TCP SPT=5140 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=61.175.103.98 DST=RED.AC.TE.D8 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=18898 DF PROTO=TCP SPT=5139 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=203.156.144.207 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=39 ID=43482 DF PROTO=TCP SPT=39727 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=113.30.103.3 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=43 ID=60939 DF PROTO=TCP SPT=51513 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=211.172.241.54 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=42002 DF PROTO=TCP SPT=47979 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=61.175.103.98 DST=RED.AC.TE.D7 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=8896 DF PROTO=TCP SPT=5140 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=61.175.103.98 DST=RED.AC.TE.D8 LEN=48 TOS=0x00 PREC=0x00 TTL=109 ID=8895 DF PROTO=TCP SPT=5139 DPT=1433 WINDOW=65535 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=190.85.75.138 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=50 ID=25389 DF PROTO=TCP SPT=48410 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=218.237.50.11 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=32749 DF PROTO=TCP SPT=55996 DPT=5901 WINDOW=14600 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=1.226.250.151 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=19129 DF PROTO=TCP SPT=43718 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=202.4.96.219 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=39 ID=29859 DF PROTO=TCP SPT=33403 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=1.226.250.151 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=44 ID=30324 DF PROTO=TCP SPT=54546 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=116.127.121.83 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=11342 DF PROTO=TCP SPT=42854 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=1.224.59.67 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=50175 DF PROTO=TCP SPT=32208 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=221.141.2.48 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=28598 DF PROTO=TCP SPT=38630 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=1.224.59.67 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=47 ID=64098 DF PROTO=TCP SPT=35636 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=77.75.86.148 DST=RED.AC.TE.D8 LEN=48 TOS=0x00 PREC=0x00 TTL=114 ID=21979 DF PROTO=TCP SPT=40196 DPT=5900 WINDOW=65535 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=221.139.50.11 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=32635 DF PROTO=TCP SPT=38781 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=198.20.70.114 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=16239 DF PROTO=TCP SPT=46388 DPT=23 WINDOW=14600 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=211.49.171.161 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=4611 DF PROTO=TCP SPT=52098 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=211.172.241.54 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=31305 DF PROTO=TCP SPT=53788 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=1.237.57.61 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=32353 DF PROTO=TCP SPT=41103 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=1.237.57.61 DST=RED.AC.TE.D7 LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=28539 DF PROTO=TCP SPT=42368 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0
IN=ppp0 OUT= MAC= SRC=58.225.75.154 DST=RED.AC.TE.D8 LEN=60 TOS=0x00 PREC=0x00 TTL=45 ID=3616 DF PROTO=TCP SPT=54980 DPT=5901 WINDOW=5840 RES=0x00 SYN URGP=0