Log messages
Hi All
I wonder if someone could tell me what this output means in my logs. Or point me in the direction to find the info. There are some things that are obvious and I understand, however some of the abbreviations escape me. I think this was a scan attempt but I'm not sure..... I have changed some numbers to protect the ignorant :) me.
Mar 1 17:18:23 Kernel: INPUT_DROP: IN=eth0 OUT= MAC=00:00:YY:YY:YY:YY SRC: 200:45:111:111 DST=00:00:0:000 LEN=78 TOS=0x00 PREC=0xOO TTL=106 ID=13333 PROTO=UDP SPT=33033 DPT=137 LEN=58
Thanks
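The abbreviations in the log line posted above, decoded field by field in an added example (not part of the original thread). The sample line is constructed with documentation addresses, and the names `parse_log_line`, `describe` and `L4LEN` are made up for this illustration.

```python
import re
# What each field written by the netfilter LOG target means (IPv4, UDP).
FIELDS = {
    "IN": "interface the packet arrived on",
    "OUT": "interface it would leave on (empty for traffic to the box itself)",
    "MAC": "destination MAC, source MAC and EtherType, concatenated",
    "SRC": "source IP address",
    "DST": "destination IP address",
    "LEN": "total length of the IP packet in bytes",
    "TOS": "Type of Service byte, type bits",
    "PREC": "Type of Service byte, precedence bits",
    "TTL": "remaining time to live (hops)",
    "ID": "IP identification value, used for fragment reassembly",
    "PROTO": "transport protocol",
    "SPT": "source port",
    "DPT": "destination port",
    "L4LEN": "UDP length (header plus payload); the second LEN= on the line",
}
WELL_KNOWN = {("UDP", "137"): "NetBIOS name service"}
TOKEN = re.compile(r"(\w+)=(\S*)")  # flags without "=" (e.g. DF) are skipped
# Constructed sample line; addresses and MACs are documentation values.
SAMPLE = ("Mar  1 17:18:23 fw kernel: INPUT_DROP: IN=eth0 OUT= "
          "MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.7 "
          "DST=192.0.2.10 LEN=78 TOS=0x00 PREC=0x00 TTL=106 ID=13333 "
          "PROTO=UDP SPT=33033 DPT=137 LEN=58")

def parse_log_line(line):
    """Return (prefix, fields); prefix is the rule's --log-prefix text."""
    head, sep, rest = line.partition(" IN=")
    if not sep:
        raise ValueError("not a netfilter LOG line")
    prefix = re.split(r"kernel:", head, flags=re.I)[-1].strip()
    fields = {}
    for key, value in TOKEN.findall("IN=" + rest):
        if key == "LEN" and "LEN" in fields:
            key = "L4LEN"  # keep the IP length, store the UDP length apart
        fields[key] = value
    return prefix, fields

def describe(line):
    prefix, f = parse_log_line(line)
    out = [f"log prefix set by the rule: {prefix}"]
    for key, value in f.items():
        out.append(f"{key}={value or '(empty)'}: {FIELDS.get(key, 'not covered')}")
    svc = WELL_KNOWN.get((f.get("PROTO"), f.get("DPT")))
    if svc:
        out.append(f"destination port {f['DPT']}/{f['PROTO']} is {svc}")
    return out

if __name__ == "__main__":
    print("\n".join(describe(SAMPLE)))
```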
I think someone is scanning your system. Do you have Portsentry installed?
Not yet but I just looked at the Portsentry page and will try to install it. I thought it was a scan attempt. I am on cable and it happens quite a bit. I am trying to use Redhat 7.2 as a firewall and I installed iptables and this output came up in the log files. I am just learning Linux.
Cheers
I think Redhat installs Tripwire by default, but it isn't configured or started iirc.
Was just reading about portsentry, it seems that this would be a good program to add to the firewall. As soon as I connect the firewall to the net it starts getting scanned. I thought I read somewhere that cable is known for this.
The internet is known for this. Cable is just faster at getting scanned than dialup. :D
Had Redhat 6.2 firewall on DSL and it was fine, hooked it up to cable and within 1 week someone from Romania or using a server in Romania hacked in and changed the root passwd. I guess it wasn't all that secure of a firewall. Trying to learn as much as I can now before hooking this one up.