Firewall Logs

Correlation between Telus DHCP renewals (daemon.log) and gaps in the firewall log (kern.log)

Mar 15 20:54:48 firewall dhclient: DHCPREQUEST on eth2 to 255.255.255.255 port 67
Mar 15 20:54:48 firewall dhclient: DHCPACK from 216.232.128.254
daemon.log.3:Mar 15 20:54:48 firewall dhclient: bound to 216.232.166.43 -- renewal in 172567 seconds.
Mar 15 20:52:43 firewall kernel: Dropwall:IN=eth2 OUT= MAC=00:60:97:93:1c:52:00:03:42:6b:00:45:08:00 SRC=209.187.118.2 DST=216.232.155.135 LEN=1083 TOS=0x08 PREC=0x20 TTL=113 ID=52838 PROTO=UDP SPT=2299 DPT=1026 LEN=1063
Mar 16 07:57:52 firewall kernel: Dropwall:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:e0:29:27:5f:b7:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=308

Mar 19 20:42:25 firewall dhclient: DHCPREQUEST on eth2 to 255.255.255.255 port 67
Mar 19 20:42:25 firewall dhclient: DHCPACK from 216.232.128.254
daemon.log.3:Mar 19 20:42:25 firewall dhclient: bound to 216.232.166.43 -- renewal in 141038 seconds.
Mar 19 20:39:36 firewall kernel: Dropwall:IN=eth2 OUT= MAC=00:60:97:93:1c:52:00:03:42:6b:00:45:08:00 SRC=216.232.155.178 DST=216.232.155.135 LEN=48 TOS=0x08 PREC=0x20 TTL=128 ID=46163 DF PROTO=TCP SPT=4597 DPT=445 WINDOW=64240 RES=0x00 SYN URGP=0
Mar 21 20:14:04 firewall kernel: Dropwall:IN=eth2 OUT= MAC=00:60:97:93:1c:52:00:03:42:6b:00:45:08:00 SRC=216.232.128.254 DST=216.232.155.135 LEN=334 TOS=0x08 PREC=0x20 TTL=64 ID=58656 PROTO=UDP SPT=67 DPT=68 LEN=314

Mar 23 08:42:27 firewall dhclient: DHCPREQUEST on eth2 to 255.255.255.255 port 67
Mar 23 08:42:27 firewall dhclient: DHCPACK from 216.232.128.254
daemon.log.2:Mar 23 08:42:27 firewall dhclient: bound to 216.232.166.43 -- renewal in 134508 seconds.
Mar 23 08:39:15 firewall kernel: Dropwall:IN=eth2 OUT=
Mar 23 08:39:18 firewall kernel: Dropwall:IN=eth2 OUT=
Mar 23 08:39:24 firewall kernel: Dropwall:IN=eth2 OUT=
Mar 23 08:39:45 firewall kernel: Dropwall:IN=eth2 OUT=
Mar 23 08:47:50 firewall kernel: Dropwall:IN=eth0 OUT=

Mar 26 21:08:14 firewall dhclient: DHCPREQUEST on eth2 to 255.255.255.255 port 67
Mar 26 21:08:14 firewall dhclient: DHCPACK from 216.232.128.254
daemon.log.2:Mar 26 21:08:14 firewall dhclient: bound to 216.232.131.115 -- renewal in 145472 seconds.
Mar 26 21:07:29 firewall kernel: Dropwall:IN=eth2 OUT= MAC=00:60:97:93:1c:52:00:03:42:6b:00:45:08:00 SRC=193.244.88.121 DST=216.232.155.135 LEN=757 TOS=0x08 PREC=0x20 TTL=111 ID=46429 PROTO=UDP SPT=16171 DPT=1026 LEN=737
Mar 27 14:09:18 firewall kernel: Dropwall:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:83:30:00:25:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=308

Mar 30 10:48:32 firewall dhclient: DHCPREQUEST on eth2 to 255.255.255.255 port 67
Mar 30 10:48:32 firewall dhclient: DHCPACK from 216.232.128.254
daemon.log.1:Mar 30 10:48:32 firewall dhclient: bound to 216.232.131.115 -- renewal in 168337 seconds.
Mar 29 21:21:18 firewall kernel: Dropwall:IN=eth2 OUT= MAC=00:60:97:93:1c:52:00:03:42:6b:00:45:08:00 SRC=65.39.180.43 DST=216.232.155.135 LEN=73 TOS=0x08 PREC=0x20 TTL=58 ID=26432 DF PROTO=UDP SPT=27870 DPT=8000 LEN=53
Mar 30 11:14:15 firewall kernel: klogd 1.4.1#10, log source = /proc/kmsg started

Apr  2 23:14:37 firewall dhclient: DHCPREQUEST on eth2 to 255.255.255.255 port 67
Apr  2 23:14:37 firewall dhclient: DHCPACK from 216.232.128.254
daemon.log.1:Apr  2 23:14:37 firewall dhclient: bound to 216.232.131.115 -- renewal in 152002 seconds.
Apr  2 23:13:00 firewall kernel: Dropwall:IN=eth2 OUT= MAC=00:60:97:93:1c:52:00:03:42:6b:00:45:08:00 SRC=216.232.72.149 DST=216.232.155.135 LEN=78 TOS=0x08 PREC=0x20 TTL=123 ID=49048 PROTO=UDP SPT=1025 DPT=137 LEN=58
Apr  3 08:36:50 firewall kernel: Dropwall:IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:a0:83:32:11:17:08:00 SRC=0.0.0.0 DST=255.255.255.255 LEN=328 TOS=0x00 PREC=0x00 TTL=128 ID=0 PROTO=UDP SPT=68 DPT=67 LEN=308

Apr  9 02:13:37 firewall dhclient: DHCPREQUEST on eth2 to 255.255.255.255 port 67
Apr  9 02:13:37 firewall dhclient: DHCPACK from 216.232.128.254
Apr  9 02:13:37 firewall dhclient: bound to 216.232.131.115 -- renewal in 156737 seconds.
Apr  9 02:06:25 firewall kernel: Dropwall:IN=eth2 OUT= MAC=00:60:97:93:1c:52:00:03:42:6b:00:45:08:00 SRC=62.134.68.200 DST=216.232.155.135 LEN=48 TOS=0x08 PREC=0x20 TTL=109 ID=9588 DF PROTO=TCP SPT=3949 DPT=135 WINDOW=8760 RES=0x00 SYN URGP=0
Apr 11 02:12:47 firewall kernel: Dropwall:IN=eth2 OUT= MAC=00:60:97:93:1c:52:00: