Hi all, can anyone shed some light on these firewall log entries and the messages log entries?

Jan 14 18:54:45 wolfman kernel: Packet log: input DENY ppp0 PROTO=1 64.94.163.226:8 62.64.169.128:0 L=84 S=0x00 I=335 F=0x0000 T=50 (#131)
Jan 14 18:54:45 wolfman kernel: Packet log: input DENY ppp0 PROTO=1 63.251.143.2:8 62.64.169.128:0 L=84 S=0x00 I=12076 F=0x0000 T=48 (#131)
Jan 14 18:54:45 wolfman kernel: Packet log: input DENY ppp0 PROTO=1 216.52.125.38:8 62.64.169.128:0 L=84 S=0x00 I=34458 F=0x0000 T=50 (#131)
Jan 14 18:54:45 wolfman kernel: Packet log: input DENY ppp0 PROTO=1 216.52.248.222:8 62.64.169.128:0 L=84 S=0x00 I=49103 F=0x0000 T=49 (#131)
Jan 14 18:54:45 wolfman kernel: Packet log: input DENY ppp0 PROTO=1 216.52.172.130:8 62.64.169.128:0 L=84 S=0x00 I=1370 F=0x0000 T=49 (#131)
Jan 14 18:54:55 wolfman kernel: Packet log: input DENY ppp0 PROTO=1 216.52.85.194:8 62.64.169.128:0 L=84 S=0x00 I=29649 F=0x0000 T=49 (#131)
Jan 14 18:54:55 wolfman kernel: Packet log: input DENY ppp0 PROTO=1 216.52.172.130:8 62.64.169.128:0 L=84 S=0x00 I=1520 F=0x0000 T=49 (#131)
Jan 14 18:54:55 wolfman kernel: Packet log: input DENY ppp0 PROTO=1 63.251.143.2:8 62.64.169.128:0 L=84 S=0x00 I=12221 F=0x0000 T=48 (#131)
Jan 14 18:54:55 wolfman kernel: Packet log: input DENY ppp0 PROTO=1 216.52.44.194:8 62.64.169.128:0 L=84 S=0x00 I=19612 F=0x0000 T=49 (#131)
Jan 14 18:54:55 wolfman kernel: Packet log: input DENY ppp0 PROTO=1 216.52.153.130:8 62.64.169.128:0 L=84 S=0x00 I=14678 F=0x0000 T=49 (#131)
Jan 14 18:54:55 wolfman kernel: Packet log: input DENY ppp0 PROTO=1 64.94.163.226:8 62.64.169.128:0 L=84 S=0x00 I=474 F=0x0000 T=50 (#131)
Jan 14 18:54:55 wolfman kernel: Packet log: input DENY ppp0 PROTO=1 209.155.224.130:8 62.64.169.128:0 L=84 S=0x00 I=20509 F=0x0000 T=40 (#131)

Jan 14 18:55:05 wolfman named[313]: refused query on non-query socket from [216.52.85.194].3506
Jan 14 18:55:05 wolfman named[313]: refused query on non-query socket from [216.52.153.130].3682
Jan 14 18:55:05 wolfman named[313]: refused query on non-query socket from [64.94.163.226].3422
Jan 14 18:55:05 wolfman named[313]: refused query on non-query socket from [209.155.224.130].2919
Jan 14 18:55:05 wolfman named[313]: refused query on non-query socket from [216.52.44.194].1247
Jan 14 18:55:05 wolfman named[313]: refused query on non-query socket from [216.52.172.130].3232
Jan 14 18:55:05 wolfman named[313]: refused query on non-query socket from [63.251.143.2].25806
Jan 14 18:55:05 wolfman named[313]: refused query on non-query socket from [216.52.248.222].2502
Jan 14 18:55:05 wolfman named[313]: refused query on non-query socket from [216.52.125.38].9795
Jan 14 18:55:15 wolfman named[313]: refused query on non-query socket from [216.52.85.194].3506
Jan 14 18:55:15 wolfman named[313]: refused query on non-query socket from [216.52.153.130].3682
Jan 14 18:55:15 wolfman named[313]: refused query on non-query socket from [64.94.163.226].3422
Jan 14 18:55:15 wolfman named[313]: refused query on non-query socket from [216.52.44.194].1247
Jan 14 18:55:15 wolfman named[313]: refused query on non-query socket from [209.155.224.130].2919
Jan 14 18:55:15 wolfman named[313]: refused query on non-query socket from [63.251.143.2].25806
Jan 14 18:55:15 wolfman named[313]: refused query on non-query socket from [216.52.172.130].3232
Jan 14 18:55:15 wolfman named[313]: refused query on non-query socket from [216.52.248.222].2502
Jan 14 18:55:15 wolfman named[313]: refused query on non-query socket from [216.52.125.38].9795

snort reports them as:

[**] IDS152/Ping BSDtype [**]
01/14-18:54:55.654396 216.52.172.130 -> 62.64.169.128 ICMP TTL:49 TOS:0x0 ID:1520 ID:22384 Seq:41651 ECHO

[**] IDS152/Ping BSDtype [**]
01/14-18:54:55.674371 63.251.143.2 -> 62.64.169.128 ICMP TTL:48 TOS:0x0 ID:12221 ID:4905 Seq:35450 ECHO

[**] IDS152/Ping BSDtype [**]
01/14-18:54:55.694383 216.52.44.194 -> 62.64.169.128 ICMP TTL:49 TOS:0x0 ID:19612 ID:414 Seq:35927 ECHO

[**] IDS152/Ping BSDtype [**]
01/14-18:54:55.764391 216.52.153.130 -> 62.64.169.128 ICMP TTL:49 TOS:0x0 ID:14678 ID:17873 Seq:51298 ECHO

[**] IDS152/Ping BSDtype [**]
01/14-18:54:55.784388 64.94.163.226 -> 62.64.169.128 ICMP TTL:50 TOS:0x0 ID:474 ID:19664 Seq:46591 ECHO

[**] IDS152/Ping BSDtype [**]
01/14-18:54:55.904389 209.155.224.130 -> 62.64.169.128 ICMP TTL:40 TOS:0x0 ID:20509 ID:23026 Seq:32632 ECHO

They usually follow the same format, denials and then refusals, and are happening more frequently. The list of denials each time gets longer and longer, with more machines joining in. The name server that is running is caching only, for a small home network. SuSE 6.4 and the firwals package.

TIA
Alastair Duncan
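
Added example, not part of the original post: a small triage script that pairs each source's denied ICMP echo requests (for PROTO=1 the packet log puts the ICMP type and code in the port slots, so ":8" is an echo request) with the later named refusals from the same address. The sample lines are copied from the logs above plus one constructed TCP line; the names correlate, SAMPLE and the fixed year are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

IPCHAINS = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: Packet log: "
    r"(?P<chain>\S+) (?P<verdict>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) ")
NAMED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ named\[\d+\]: "
    r"refused query on non-query socket from \[(?P<src>[\d.]+)\]\.(?P<sport>\d+)")

# Sample input: six lines from the post, last line constructed (TCP, must be ignored).
SAMPLE = """\
Jan 14 18:54:45 wolfman kernel: Packet log: input DENY ppp0 PROTO=1 64.94.163.226:8 62.64.169.128:0 L=84 S=0x00 I=335 F=0x0000 T=50 (#131)
Jan 14 18:54:55 wolfman kernel: Packet log: input DENY ppp0 PROTO=1 216.52.85.194:8 62.64.169.128:0 L=84 S=0x00 I=29649 F=0x0000 T=49 (#131)
Jan 14 18:54:55 wolfman kernel: Packet log: input DENY ppp0 PROTO=1 64.94.163.226:8 62.64.169.128:0 L=84 S=0x00 I=474 F=0x0000 T=50 (#131)
Jan 14 18:55:05 wolfman named[313]: refused query on non-query socket from [216.52.85.194].3506
Jan 14 18:55:05 wolfman named[313]: refused query on non-query socket from [64.94.163.226].3422
Jan 14 18:55:15 wolfman named[313]: refused query on non-query socket from [216.52.85.194].3506
Jan 14 18:55:20 wolfman kernel: Packet log: input DENY ppp0 PROTO=6 192.0.2.10:1025 62.64.169.128:23 L=44 S=0x00 I=1 F=0x0000 T=52 (#131)
"""

def _ts(text):
    # syslog timestamps carry no year; a fixed one is assumed so gaps can be computed
    return datetime.strptime("2000 " + text, "%Y %b %d %H:%M:%S")

def correlate(lines):
    """Per source IP: denied echo requests, named refusals, seconds from first ping to first refusal."""
    pings, refusals = defaultdict(list), defaultdict(list)
    for line in lines:
        m = IPCHAINS.match(line)
        if m:
            # PROTO=1 is ICMP; source "port" 8 is ICMP type 8 (echo request)
            if m["proto"] == "1" and m["sport"] == "8" and m["verdict"] == "DENY":
                pings[m["src"]].append(_ts(m["ts"]))
            continue
        m = NAMED.match(line)
        if m:
            refusals[m["src"]].append(_ts(m["ts"]))
    report = {}
    for src in sorted(set(pings) | set(refusals)):
        p, r = pings.get(src, []), refusals.get(src, [])
        gap = (min(r) - min(p)).total_seconds() if p and r else None
        report[src] = {"pings": len(p), "refusals": len(r), "gap_s": gap}
    return report

if __name__ == "__main__":
    print(correlate(SAMPLE.splitlines()))
```

Sources that show up with both a ping count and a refusal count are the ones following the "denials and then refusals" pattern; a gap_s of None marks an address seen in only one of the two logs.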