[PLUG] iptables firewalling...

Larry Brigman larry.brigman at gmail.com
Tue Sep 5 17:41:45 UTC 2006 

On 9/4/06, plug_0 at robinson-west.com <plug_0 at robinson-west.com> wrote:
> Here is the excerpt of interest:
>
> Sep  4 11:30:40 goose kernel: iptables INPUT u: IN=eth3 OUT=
> MAC=00:03:47:bd:6c:a8:00:00:0c:73:6a:54:08:00 SRC=17.9.186.186
> DST=209.210.202.172 LEN=715 TOS=0x00 PREC=0x00 TTL=48 ID=17852 PROTO=UDP
> SPT=45604 DPT=1025 LEN=695
> Sep  4 11:30:40 goose kernel: iptables INPUT u: IN=eth3 OUT=
> MAC=00:03:47:bd:6c:a8:00:00:0c:73:6a:54:08:00 SRC=17.9.186.186
> DST=209.210.202.172 LEN=715 TOS=0x00 PREC=0x00 TTL=48 ID=17853 PROTO=UDP
> SPT=45604 DPT=1026 LEN=695
> Sep  4 11:30:40 goose kernel: iptables INPUT u: IN=eth3 OUT=
> MAC=00:03:47:bd:6c:a8:00:00:0c:73:6a:54:08:00 SRC=17.9.186.186
> DST=209.210.202.172 LEN=715 TOS=0x00 PREC=0x00 TTL=48 ID=17855 PROTO=UDP
> SPT=45604 DPT=1028 LEN=695
> Sep  4 11:30:40 goose kernel: iptables INPUT u: IN=eth3 OUT=
> MAC=00:03:47:bd:6c:a8:00:00:0c:73:6a:54:08:00 SRC=17.9.186.186
> DST=209.210.202.172 LEN=715 TOS=0x00 PREC=0x00 TTL=48 ID=17856 PROTO=UDP
> SPT=45604 DPT=1029 LEN=695
> Sep  4 11:30:40 goose kernel: iptables INPUT u: IN=eth3 OUT=
> MAC=00:03:47:bd:6c:a8:00:00:0c:73:6a:54:08:00 SRC=17.9.186.186
> DST=209.210.202.174 LEN=715 TOS=0x00 PREC=0x00 TTL=48 ID=10446 PROTO=UDP
> SPT=45604 DPT=1025 LEN=695
>
whois 17.9.186.186
[Querying whois.arin.net]
[whois.arin.net]

OrgName:    Apple Computer, Inc.
OrgID:      APPLEC-3
Address:    20740 Valley Green Drive, MS32E
City:       Cupertino
StateProv:  CA
PostalCode: 95014
Country:    US

NetRange:   17.0.0.0 - 17.255.255.255
CIDR:       17.0.0.0/8
NetName:    APPLE-WWNET
NetHandle:  NET-17-0-0-0-1
Parent:
NetType:    Direct Assignment
NameServer: NSERVER.APPLE.COM
NameServer: NSERVER2.APPLE.COM
NameServer: NSERVER.EURO.APPLE.COM
NameServer: NSERVER.ASIA.APPLE.COM
Comment:
RegDate:    1990-04-16
Updated:    2000-05-23

RTechHandle: ZA42-ARIN
RTechName:   Apple Computer, Inc.
RTechPhone:  +1-408-974-7777
RTechEmail:  Apple-NOC at apple.com

Someone at Apple thinks you have something of value on your machine.

More information about the PLUG mailing list