LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 08-09-2005, 03:28 PM   #1
kenneho
Member
 
Registered: May 2003
Location: Oslo, Norway
Distribution: Ubuntu, Red Hat Enterprise Linux
Posts: 655

Rep: Reputation: 40
Strange messages in console


Messages like this(under) keep appearing in tty6 (ctr+alt+F6), tty5 and so forth. Even during boot these appear.

Aug 9 21:52:43 localhost kernel: DROPPED IN=eth0 OUT= MAC=ff:ff:ff:ff:ff:ff:00:c0:08:40:c8:42:18:00 SRC=30.344.15.240 DST=30.344.15.255 LEN=220 TOS=0x00 PREC=0x00 TTL=128 ID=10622 PROTO=UDP SPT=138 DPT=138 LEN=200


These messages evidently has something to do with my ethernet-interface, but what? And why are they appearing during startup etc?

There was another thread here on linuxquestions that discussed the same subject, and one theory was that it was some kind of virus or worm on the LAN that made the machines ping my machine to search for vulnerable machines to attack. Is this right? It looks like the sources(SRC=***) are different machines on the LAN, but is the theory correct?
Anyways, how can I stop these messages from filling up my /var/log/messages-file, and consoles?
 
Old 08-09-2005, 03:55 PM   #2
leonscape
Senior Member
 
Registered: Aug 2003
Location: UK
Distribution: Debian SID / KDE 3.5
Posts: 2,313

Rep: Reputation: 47
These look like firewall messages from iptables. Its basically telling you that it caught stuff trying to talk to the NETBIOS port and dropped them.
 
Old 08-09-2005, 04:15 PM   #3
kenneho
Member
 
Registered: May 2003
Location: Oslo, Norway
Distribution: Ubuntu, Red Hat Enterprise Linux
Posts: 655

Original Poster
Rep: Reputation: 40
I see.

But how can I stop the console output?
 
Old 08-09-2005, 04:34 PM   #4
leonscape
Senior Member
 
Registered: Aug 2003
Location: UK
Distribution: Debian SID / KDE 3.5
Posts: 2,313

Rep: Reputation: 47
You need to set the Linux kernel logging level, try 3.

dmesg -n5

or you can use ulogd which you can use to redirect the messages. Or if you use something like Guarddog, or shorewall to setup you firewall, they usually have options to either suppress or redirect these messages.

Last edited by leonscape; 08-09-2005 at 04:36 PM.
 
Old 08-09-2005, 05:21 PM   #5
Brian1
Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 61
The line is an output from the iptables or also know as your firewall.

The logs are sent to the /dev/console when they pop up becuase more that likely in your /etc/syslogd.conf contains something like this.

Code:
kern.*							/dev/console
To stop it you will need to stop the syslogd daemon. normally in redhat/fc* I use the command minus the ' ' as ' service syslogd stop '. Now as root edit /etc/syslogd and add a ' # ' infront of the line and save it. Example
Code:
#kern.*							/dev/console
Or one could change the level of kern to say kern.error. Example
Code:
#kern.error							/dev/console
Reason is most iptables defualt logging level is usually kern.warning some times kern.notice which are both lower level signals. This can be defined in the firewall script. So what will happen now is there will only be a display like above from apps sending to the kern at error or higher level.

This is the what kern levels are with the first being least important to top priorty. kern.debug, kern.info, kern.notice, kern.warning, kern.error, kern.crit, kern.alert, kern.panic.

Now what will happen if a siganl is sent as kern.warning or lower it will not be displayed. So if there one sent in the lower range you will not see it.

Once edited restart syslogd ' service syslogd start '.

If you wish not to mess with that and you know where your iptables script is then remove the -j LOG at the end of the lines.

Hope this helps
Brian1

Last edited by Brian1; 08-09-2005 at 08:06 PM.
 
Old 08-11-2005, 07:00 PM   #6
kenneho
Member
 
Registered: May 2003
Location: Oslo, Norway
Distribution: Ubuntu, Red Hat Enterprise Linux
Posts: 655

Original Poster
Rep: Reputation: 40
I configured my firewall (Guarddog) to not log blocked packets, and the rubbish output has stopped. Accidentally, I also executed the "dmesg" command. What exactly does dmesg do?
 
Old 08-12-2005, 03:23 PM   #7
Brian1
Guru
 
Registered: Jan 2003
Location: Seymour, Indiana
Distribution: Distribution: RHEL 5 with Pieces of this and that. Kernel 2.6.23.1, KDE 3.5.8 and KDE 4.0 beta, Plu
Posts: 5,700

Rep: Reputation: 61
This ought to explain it. http://linuxgazette.net/issue59/nazario.html

Brian1
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Strange messages redneon Linux - General 16 08-10-2005 09:27 AM
Strange messages tuxunkhamon Linux - Wireless Networking 1 05-30-2005 10:49 AM
network - strange console messages on dmesg ganja_guru Linux - Software 4 01-18-2005 05:58 AM
Strange console messages fweaver Linux - Security 4 12-27-2002 09:29 AM
Console Messages bfloeagle Linux - General 6 06-30-2001 02:41 PM


All times are GMT -5. The time now is 04:01 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration