2 Oct 2002, 22:16
I'll break it down for you
Oct 3 07:34:12 Gringo kernel: SuSE-FW-DROP Header
IN=ippp0 Connection from ippp0 (I assume this is your public connection)
SRC=80.59.176.41 DST=150.101.6.219 Self-explanatory: IP 80.59.176.41 is connecting to 150.101.6.219
LEN=48 TOS=0x00 PREC=0x00
TTL=103 ID=33501 DF PROTO=TCP SPT=54286 DPT=139 WINDOW=8192 RES=0x00 SYN URGP=0 OPT
It's trying to establish a connection to port 139. Typically these are signs of Nimda making its way around the net. See the link below for more info and a really nice log analysis tool. http://logi.cc/linux/NetfilterLogAnalyzer.php3#1
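The field breakdown above, turned into a small parser, as an added example that is not part of the original post: it splits a netfilter LOG line into its fields and counts SYN-only connection attempts per source for a given port. The function names are hypothetical, the first sample line is reassembled from the fields quoted in the post, and the remaining lines are constructed.

```python
import re
from collections import Counter

# First line is reassembled from the fields quoted in the post; the other
# three are constructed for this example (192.0.2.0/24 is a documentation range).
LINES = [
    "Oct 3 07:34:12 Gringo kernel: SuSE-FW-DROP IN=ippp0 SRC=80.59.176.41 "
    "DST=150.101.6.219 LEN=48 TOS=0x00 PREC=0x00 TTL=103 ID=33501 DF PROTO=TCP "
    "SPT=54286 DPT=139 WINDOW=8192 RES=0x00 SYN URGP=0 OPT",
    "Oct 3 07:35:02 Gringo kernel: SuSE-FW-DROP IN=ippp0 OUT= SRC=192.0.2.7 "
    "DST=150.101.6.219 LEN=48 TTL=110 ID=4411 DF PROTO=TCP SPT=3310 DPT=139 "
    "WINDOW=8192 RES=0x00 SYN URGP=0",
    "Oct 3 07:35:09 Gringo kernel: SuSE-FW-DROP IN=ippp0 OUT= SRC=192.0.2.7 "
    "DST=150.101.6.219 LEN=40 TTL=110 ID=4412 PROTO=TCP SPT=3311 DPT=80 "
    "WINDOW=0 RES=0x00 ACK RST URGP=0",
    "Oct 3 07:36:00 Gringo sshd[411]: session opened for user root",
]

HEADER = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]+)\s(?P<host>\S+)\skernel:\s"
                    r"(?P<prefix>\S+)\s(?P<rest>.*)$")
TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}
INT_FIELDS = ("LEN", "TTL", "ID", "SPT", "DPT", "WINDOW")

def parse_line(line):
    """Return a dict of fields for a netfilter LOG line, or None if it is not one."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rec = {"ts": m["ts"], "host": m["host"], "prefix": m["prefix"],
           "flags": set(), "df": False}
    for tok in m["rest"].split():
        key, sep, val = tok.partition("=")
        if sep:                      # KEY=value pair (value may be empty, e.g. OUT=)
            rec[key] = int(val) if key in INT_FIELDS and val.isdigit() else val
        elif tok in TCP_FLAGS:       # bare token naming a set TCP flag
            rec["flags"].add(tok)
        elif tok == "DF":            # IP "don't fragment" bit
            rec["df"] = True
    return rec

def syn_sources(lines, port):
    """Count dropped connection attempts (SYN only) per source IP for one port."""
    hits = Counter()
    for rec in filter(None, map(parse_line, lines)):
        if rec.get("PROTO") == "TCP" and rec.get("DPT") == port and rec["flags"] == {"SYN"}:
            hits[rec["SRC"]] += 1
    return hits

if __name__ == "__main__":
    print(syn_sources(LINES, 139))
```

The header pattern assumes classic syslog formatting without the bracketed kernel uptime stamp that newer systems prepend after `kernel:`.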