Networking Forums


Problem to understand the meaning of a log of ShoreWall

 
 
didou
Guest
Posts: n/a

 
      12-14-2005, 10:29 PM
My ShoreWall generates lots of messages (more than 1 per second!) in the
file /var/log/messages

Can anybody explain to me what this message means?

Dec 15 01:22:50 lns-th2-4f-XX-YY-ZZ-TT kernel:
Shorewall:net2all:DROP:IN=eth1 OUT=
MAC=00:07:cb:00:00:ff:00:07:cb:1e:65:dc:08:00 SRC=207.226.112.34
DST=XX.YY.ZZ.TT LEN=53 TOS=0x00 PREC=0x00 TTL=120 ID=14859 PROTO=UDP
SPT=7871 DPT=14809 LEN=33

XX.YY.ZZ.TT is the IP of my computer on the Internet

 
 
 
 
 
Bit Twister
Guest
Posts: n/a

 
      12-15-2005, 12:10 AM
On 14 Dec 2005 15:29:21 -0800, didou wrote:
> My ShoreWall generates lots of messages (more than 1 per second!) in the
> file /var/log/messages
>
> Can anybody explain to me what this message means?
>
> Dec 15 01:22:50 lns-th2-4f-XX-YY-ZZ-TT kernel:
> Shorewall:net2all:DROP:IN=eth1 OUT=
> MAC=00:07:cb:00:00:ff:00:07:cb:1e:65:dc:08:00 SRC=207.226.112.34
> DST=XX.YY.ZZ.TT LEN=53 TOS=0x00 PREC=0x00 TTL=120 ID=14859 PROTO=UDP
> SPT=7871 DPT=14809 LEN=33


Shorewall rule net2all dropped the connection attempt from
207-226-112-34.btnaccess.net (207.226.112.34) to your firewall.
The attempt was to port 14809 using the UDP protocol.

It can be instructive to read each of the files found in /etc/shorewall.

For extra points
http://www.shorewall.net/Documentation.html

Want to play with the Shorewall tables through a GUI? Install webmin.
Then connect with https://localhost:10000
 
 
didou
Guest
Posts: n/a

 
      12-16-2005, 03:05 PM
Thanks,

my computer seems to be the object of an attack!

More than 1 try per second....

 
 
Bit Twister
Guest
Posts: n/a

 
      12-16-2005, 03:35 PM
On 16 Dec 2005 08:05:50 -0800, didou wrote:

> my computer seems to be the object of an attack!


Attack is a little harsh. I would call it normal attempts by script kiddies.

I used to watch them just to see what countries they came from.

Now I just put the ports in /etc/shorewall/blacklist when they are
frequent or a new piece of malware starts probing a new port.

 
 
didou
Guest
Posts: n/a

 
      12-16-2005, 10:30 PM
The SRC and ID (IP and port) change on each line!

Could it be a consequence of using mldonkey (peer-to-peer)?

(Stopping mldonkey doesn't change anything.)

 
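An added example, not part of any post in this thread: a small Python parser for log lines in the format quoted above. It counts logged packets per source address and per destination port, so you can see whether the drops come from one host or many. The sample lines are constructed with documentation addresses, and the `Shorewall:<chain>:<disposition>:` prefix is assumed to be Shorewall's default log format.

```python
import re
from collections import Counter

# Constructed sample lines (documentation addresses), in the format quoted in the thread.
HEAD = "fw kernel: Shorewall:net2all:DROP:IN=eth1 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00"
UDP_TAIL = "DST=203.0.113.5 LEN=53 TOS=0x00 PREC=0x00 TTL=120 ID=14859 PROTO=UDP SPT=7871 DPT=14809 LEN=33"
TCP_TAIL = ("DST=203.0.113.5 LEN=48 TOS=0x00 PREC=0x00 TTL=112 ID=301 DF PROTO=TCP "
            "SPT=4000 DPT=445 WINDOW=65535 RES=0x00 SYN URGP=0")
SAMPLE_LOG = "\n".join([
    f"Dec 15 01:22:50 {HEAD} SRC=192.0.2.10 {UDP_TAIL}",
    f"Dec 15 01:22:51 {HEAD} SRC=192.0.2.77 {UDP_TAIL}",
    f"Dec 15 01:22:51 {HEAD} SRC=198.51.100.4 {UDP_TAIL}",
    f"Dec 15 01:22:52 {HEAD} SRC=198.51.100.9 {TCP_TAIL}",
    "Dec 15 01:22:53 fw kernel: eth1: link up",  # not a Shorewall line
])

# Assumed prefix: Shorewall's default log format, "Shorewall:<chain>:<disposition>:".
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<disposition>[A-Za-z]+):(?P<rest>.*)")

def parse_line(line):
    """Parse one Shorewall kernel log line into a dict; return None for other lines."""
    m = PREFIX.search(line)
    if m is None:
        return None
    rec = {"chain": m["chain"], "disposition": m["disposition"]}
    for token in m["rest"].split():
        key, sep, value = token.partition("=")
        if not sep:
            continue  # bare flags (DF, SYN, ...) have no value
        if key == "LEN" and "LEN" in rec:
            key = "UDP_LEN"  # on a UDP line the first LEN is the IP length, the second the UDP length
        rec[key] = value
    return rec

def summarize(text):
    """Count logged packets per source address and per (protocol, destination port)."""
    records = [r for r in map(parse_line, text.splitlines()) if r]
    return {
        "packets": len(records),
        "sources": Counter(r.get("SRC") for r in records),
        "dest_ports": Counter((r.get("PROTO"), r.get("DPT")) for r in records),
    }

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(s["packets"], "logged packets from", len(s["sources"]), "sources")
    print(s["dest_ports"].most_common(3))
```

To run it against a real log, pass the contents of /var/log/messages to `summarize()` instead of `SAMPLE_LOG`.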
 
 
 