Log messages
 

Hi All

I wonder if someone could tell me what this output means in my logs. Or point me in the direction to find the info. There are somethings that are obvious and I understand however some of the abreviations escape me. I think this was a scan attempt but I'm not sure.....i have changed some numbers to protect the ignorant :) me.

Mar 1 17:18:23 Kernel: INPUT_DROP: IN=eth0 OUT= MAC=00:00:YY:YY:YY:YY SRC: 200:45:111:111 DST=00:00:0:000
LEN=78 TOS=0x00 PREC=0xOO TTL=106 ID=13333 PROTO=UDP
SPT=33033 DPT=137 LEN=58


Thanks

I think someone is scanning your system. Do you have Portsentry installed?

Not yet but I just looked at the Portsentry page and will try to install it. I thought it was a scan attempt. I am on cable and it happens quite a bit. I am trying to use Redhat 7.2 as a firewall and I installed iptables and this output come up in the log files. I am just learning Linux.

Cheers

I think Redhat installs Tripwire by default, but it isn't configured or started iirc.

Was just reading about portsentry, it seems that this would be a good program to add to the firewall. As soon as I connect the firewall to the net it starts getting scanned. I thought I read somewhere that cable is known for this

The internet is known for this. Cable is just faster at getting scanned than dialup. :D

Had Redhat 6.2 firewall on DSL and it was fine, hooked it up to cable and within 1 week someone from Romainia or using a server in Romainia hacked in and changed the root passwd. I guess it wasn't all that secure of a firewall. Trying to learn as much as I can now before hooking this one up