unknown messages
 

i was just wondering what this message means that i am receiving on my Mandrake 8.1 machine
It would be great if anyone could answer this question

auditin=ppp0 out= mac= src=147.102.35.52 dst=61.9.133.9 len=40 tos=0*00 prec=0*00 id=39426 proto=tcp spt=21 window=1028 res=0*00 syn fin urgp=0

it would be really cool if someone could break down this message as i am receiving it about every 6 or so hours and i am not sure what is exactly going on..thanks

Are you running a firewall of some kind? This looks like a message that would be logging either an error or an attack.

auditin=ppp0 device being audited?
out=
mac=
src=147.102.35.52 source ip of the message
dst=61.9.133.9 destination of the msg
(one of these is probably your ip address)
len=40 length of message
tos=0*00
prec=0*00
id=39426
proto=tcp tcp message
spt=21 port 21 (ftp)?
window=1028
res=0*00
syn
fin
urgp=0

My best guess would be that someone at "src" is trying to ftp to "dst". I've seen this on cable/dsl ISPs where they attempt to find out if their users are running "illegal" servers of any kind.

By the way 147.102.35.52 is thais.cs.ece.ntua.gr
and 61.9.133.9 is CPE-61-9-133-9.vic.bigpond.net.au

yeah, someone's trying to telnet (or atleast get in via the telnet port) into your machine. but you've not got telnet enable, so that's fine.