Firewall log
From: BB (b.barba_at_ANTISPAMlibero.it)
Date: 07/30/03
Date: Wed, 30 Jul 2003 12:30:48 +0200
Hi!
I have an iptables-based firewall on Linux... Analyzing the log, I've
noticed that there is a PC on my LAN that tries to communicate with
strange addresses... I cannot access this PC easily, therefore I want
to know more about this log.
The log:
Jul 29 08:14:48 linux kernel: TCP killed:IN=eth0 OUT=eth1 SRC=X.X.X.X
DST=66.93.144.242 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=42255 DF
PROTO=TCP SPT=1064 DPT=139 WINDOW=8192 RES=0x00 SYN URGP=0
Jul 29 08:15:38 linux kernel: UDP killed:IN=eth0 OUT=eth1 SRC=X.X.X.X
DST=66.150.161.136 LEN=78 TOS=0x00 PREC=0x00 TTL=127 ID=45327
PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 29 08:15:44 linux kernel: TCP killed:IN=eth0 OUT=eth1 SRC=X.X.X.X
DST=66.150.161.134 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=46863 DF
PROTO=TCP SPT=1066 DPT=139 WINDOW=8192 RES=0x00 SYN URGP=0
Jul 30 08:43:01 linux kernel: TCP killed:IN=eth0 OUT=eth1 SRC=X.X.X.X
DST=66.93.144.242 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=14343 DF
PROTO=TCP SPT=1076 DPT=139 WINDOW=8192 RES=0x00 SYN URGP=0
Jul 30 09:09:23 linux kernel: UDP killed:IN=eth0 OUT=eth1 SRC=X.X.X.X
DST=66.150.161.133 LEN=78 TOS=0x00 PREC=0x00 TTL=127 ID=217 PROTO=UDP
SPT=137 DPT=137 LEN=58
Jul 30 09:11:01 linux kernel: TCP killed:IN=eth0 OUT=eth1 SRC=X.X.X.X
DST=66.150.161.135 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=61146 DF
PROTO=TCP SPT=1533 DPT=139 WINDOW=8192 RES=0x00 SYN URGP=0
Jul 30 09:20:08 linux kernel: TCP killed:IN=eth0 OUT=eth1 SRC=X.X.X.X
DST=66.150.161.134 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=59105 DF
PROTO=TCP SPT=1998 DPT=139 WINDOW=8192 RES=0x00 SYN URGP=0
For example, IP 66.93.144.242 is registered to ns1.derver2.com... The
ports involved are 139 and 137... What about this?
Thank you
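
An added example, not part of the original message: a small Python parser for the iptables LOG lines quoted above, grouping the dropped packets by protocol and destination port and counting bare SYNs (new connection attempts). The sample input is the first four entries from the post re-joined onto single lines; the function names are assumptions of this example.

```python
import re
from collections import defaultdict

# NetBIOS over TCP/IP well-known ports (name service, datagram, session).
NETBIOS_PORTS = {137: "netbios-ns", 138: "netbios-dgm", 139: "netbios-ssn"}
# First four entries from the post, re-joined onto one line each.
SAMPLE_LOG = """\
Jul 29 08:14:48 linux kernel: TCP killed:IN=eth0 OUT=eth1 SRC=X.X.X.X DST=66.93.144.242 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=42255 DF PROTO=TCP SPT=1064 DPT=139 WINDOW=8192 RES=0x00 SYN URGP=0
Jul 29 08:15:38 linux kernel: UDP killed:IN=eth0 OUT=eth1 SRC=X.X.X.X DST=66.150.161.136 LEN=78 TOS=0x00 PREC=0x00 TTL=127 ID=45327 PROTO=UDP SPT=137 DPT=137 LEN=58
Jul 29 08:15:44 linux kernel: TCP killed:IN=eth0 OUT=eth1 SRC=X.X.X.X DST=66.150.161.134 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=46863 DF PROTO=TCP SPT=1066 DPT=139 WINDOW=8192 RES=0x00 SYN URGP=0
Jul 30 08:43:01 linux kernel: TCP killed:IN=eth0 OUT=eth1 SRC=X.X.X.X DST=66.93.144.242 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=14343 DF PROTO=TCP SPT=1076 DPT=139 WINDOW=8192 RES=0x00 SYN URGP=0
"""
# Syslog header, the custom log prefix ("TCP killed:"), then the iptables fields.
HEADER = re.compile(r"^(\w{3}\s+\d+ [\d:]+) (\S+) kernel: (.*?):?(IN=.*)$")

def parse_line(line):
    """Split one iptables LOG line into a dict of fields plus a set of flags."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    rec = {"time": m.group(1), "host": m.group(2), "prefix": m.group(3), "flags": set()}
    for tok in m.group(4).split():
        key, sep, val = tok.partition("=")
        if not sep:
            rec["flags"].add(tok)   # bare tokens such as DF, SYN, ACK
        elif key not in rec:
            rec[key] = val          # keep the first LEN (IP length); UDP repeats LEN
    return rec

def summarize(text):
    """Group dropped packets by (PROTO, DPT); count hits per DST and bare SYNs."""
    groups = defaultdict(lambda: {"dsts": defaultdict(int), "syn": 0})
    for line in text.splitlines():
        rec = parse_line(line)
        if not rec or "DPT" not in rec:
            continue                # unparsable line, or a protocol without ports
        g = groups[(rec["PROTO"], int(rec["DPT"]))]
        g["dsts"][rec["DST"]] += 1
        g["syn"] += "SYN" in rec["flags"] and "ACK" not in rec["flags"]
    return groups

def report(text):
    """Rows of (proto, dport, service, drops, bare_syns, sorted destinations)."""
    return [(p, d, NETBIOS_PORTS.get(d, "other"), sum(g["dsts"].values()), g["syn"], sorted(g["dsts"]))
            for (p, d), g in sorted(summarize(text).items())]

if __name__ == "__main__":
    for row in report(SAMPLE_LOG): print(row)
```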