[NBLUG/talk] SuSEFirewall2 How to read the log file?

augie augie at schwer.us
Fri Jul 11 10:21:01 PDT 2003



Micxz (lovedialup.com) wrote:
> I'm looking at my messages log and am a bit lost in its output:
> Jul 10 21:27:40 mars kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC=
> SRC=200.52.172.13 DST=66.xxx.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=110
> ID=9313 DF PROTO=TCP SPT=2716 DPT=2723 WINDOW=16384 RES=0x00 SYN
> URGP=0 OPT (0204056401010402)
[...]
> Can you guys help me with the way to read the rest of the info? And are
> there some theories on why random PCs are trying to connect to our
> linux boxes? (usually three packets at a time.)

i usually look at the 'DPT' (destination port) so i can get an idea of
what this machine is looking for on my machine.

http://www.iana.org/assignments/port-numbers

"watchdognt   2723/tcp   WatchDog NT"

from the information you gave i would assume they are looking for the
watchdog nt service on your machine. maybe there is some specific
vulnerability they are looking for, or maybe it is just someone on the
other end who doesn't know what they are doing, and it is an errant packet.

augie.


--
irc.nblug.org #nblug
registered linux user #229905
gpg public key: http://www.schwer.us/schwer.asc
Key fingerprint = 9815 AE19 AFD1 1FE7 5DEE 2AC3 CB99 2784 27B0 C072

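As an added example (not part of the original post or of SuSEFirewall2), here is one way to break the quoted log line into its fields, decode the OPT bytes, and group drops by the DPT the reply suggests looking at. The sample lines are constructed with documentation-range addresses, and the function names are hypothetical.

```python
import re
from collections import Counter
# Constructed sample in the post's line format (documentation-range addresses).
_T = ("Jul 10 21:27:{} mars kernel: SuSE-FW-DROP-DEFAULT IN=ppp0 OUT= MAC= "
      "SRC={} DST=198.51.100.7 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID={} DF "
      "PROTO=TCP SPT={} DPT={} WINDOW=16384 RES=0x00 SYN URGP=0 "
      "OPT (0204056401010402)")
SAMPLE = [_T.format(*row) for row in [
    (40, "192.0.2.13", 9313, 2716, 2723), (43, "192.0.2.13", 9320, 2716, 2723),
    (49, "192.0.2.13", 9331, 2716, 2723), (55, "203.0.113.9", 411, 4001, 445)]]

def parse_line(line):
    """Split one log line into KEY=value fields and bare flags such as DF or SYN."""
    m = re.search(r"kernel: (SuSE-FW-\S+) (.*)", line)
    if not m:
        return None  # not a firewall line
    rec, rest = {"prefix": m[1], "flags": []}, m[2]
    opt = re.search(r"OPT \(([0-9A-Fa-f]+)\)", rest)
    if opt:  # TCP option bytes are logged as one hex string
        rec["OPT"], rest = opt[1], rest.replace(opt[0], "")
    for tok in rest.split():
        key, sep, val = tok.partition("=")
        if sep:
            rec[key] = val  # empty values (OUT=, MAC=) are kept as ""
        else:
            rec["flags"].append(tok)
    return rec

def decode_tcp_options(hexstr):
    """Walk the kind/length/value TCP options; names only MSS, NOP, SACK-permitted."""
    data, out, i = bytes.fromhex(hexstr), [], 0
    while i < len(data) and data[i] != 0:  # kind 0 ends the list
        if data[i] == 1:  # NOP is a single byte with no length
            out.append("NOP")
            i += 1
            continue
        length = data[i + 1] if i + 1 < len(data) else 0
        if length < 2 or i + length > len(data):
            break  # truncated or malformed option
        kind, body = data[i], data[i + 2:i + length]
        if kind == 2 and len(body) == 2:
            out.append("MSS=%d" % int.from_bytes(body, "big"))
        else:
            out.append("SACK-permitted" if kind == 4 else "kind%d" % kind)
        i += length
    return out

def summarize(lines):
    """Count drops per (SRC, SPT, DPT); the same SPT repeated is one attempt retried."""
    return Counter((r.get("SRC"), r.get("SPT"), r.get("DPT")) for r in map(parse_line, lines) if r)
```

Calling `summarize(SAMPLE).most_common()` lists the busiest source and destination-port pairs first, and each DPT can then be looked up in the IANA port list linked above.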