Re: Firewall log
From: David (thunderbolt01_at_netscape.net)
Date: 07/30/03
- Previous message: Doug McComber: "Iptables problem"
- In reply to: BB: "Firewall log"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 30 Jul 2003 19:32:23 GMT
BB wrote:
>
> The log:
> Jul 29 08:14:48 linux kernel: TCP killed:IN=eth0 OUT=eth1 SRC=X.X.X.X
> DST=66.93.144.242 LEN=48 TOS=0x00 PREC=0x00 TTL=127 ID=42255 DF
> PROTO=TCP SPT=1064 DPT=139 WINDOW=8192 RES=0x00 SYN URGP=0
>
> Jul 29 08:15:38 linux kernel: UDP killed:IN=eth0 OUT=eth1 SRC=X.X.X.X
> DST=66.150.161.136 LEN=78 TOS=0x00 PREC=0x00 TTL=127 ID=45327
> PROTO=UDP SPT=137 DPT=137 LEN=58
>
> For example, ip 66.93.144.242 is registered to ns1.derver2.com... The
> interested port are 139 and 137... what about this?
Those ports are used for Netbios which is a Windows protocol so
you can drop ports 137:139 and not log it if you don't want you
logs to fill up.
-- Confucius: He who play in root, eventually kill tree. Registered with The Linux Counter. http://counter.li.org/ Slackware 9.0 Kernel 2.4.21 i686 (GCC) 3.3 Uptime: 13 days, 14:32, 1 user, load average: 1.22, 1.14, 1.17
- Previous message: Doug McComber: "Iptables problem"
- In reply to: BB: "Firewall log"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
