LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-01-2003, 08:10 PM   #1
thetwin
Member
 
Registered: Feb 2003
Distribution: Linux RedHat 7.2
Posts: 47

Rep: Reputation: 15
Log messages


Hi All

I wonder if someone could tell me what this output means in my logs. Or point me in the direction to find the info. There are somethings that are obvious and I understand however some of the abreviations escape me. I think this was a scan attempt but I'm not sure.....i have changed some numbers to protect the ignorant me.

Mar 1 17:18:23 Kernel: INPUT_DROP: IN=eth0 OUT= MAC=00:00:YY:YY:YY:YY SRC: 200:45:111:111 DST=00:00:0:000
LEN=78 TOS=0x00 PREC=0xOO TTL=106 ID=13333 PROTO=UDP
SPT=33033 DPT=137 LEN=58


Thanks
 
Old 03-01-2003, 08:33 PM   #2
fancypiper
LQ Guru
 
Registered: Feb 2003
Location: Sparta, NC USA
Distribution: Ubuntu 10.04
Posts: 5,141

Rep: Reputation: 58
I think someone is scanning your system. Do you have Portsentry installed?

Last edited by fancypiper; 03-01-2003 at 08:38 PM.
 
Old 03-01-2003, 08:46 PM   #3
macewan
Senior Member
 
Registered: Jan 2002
Distribution: Ubuntu, Debian
Posts: 1,055
Blog Entries: 1

Rep: Reputation: 45
http://www.linuxquestions.org/questi...threadid=46220
 
Old 03-01-2003, 09:45 PM   #4
thetwin
Member
 
Registered: Feb 2003
Distribution: Linux RedHat 7.2
Posts: 47

Original Poster
Rep: Reputation: 15
Not yet but I just looked at the Portsentry page and will try to install it. I thought it was a scan attempt. I am on cable and it happens quite a bit. I am trying to use Redhat 7.2 as a firewall and I installed iptables and this output come up in the log files. I am just learning Linux.

Cheers
 
Old 03-01-2003, 09:52 PM   #5
fancypiper
LQ Guru
 
Registered: Feb 2003
Location: Sparta, NC USA
Distribution: Ubuntu 10.04
Posts: 5,141

Rep: Reputation: 58
I think Redhat installs Tripwire by default, but it isn't configured or started iirc.
 
Old 03-01-2003, 09:55 PM   #6
thetwin
Member
 
Registered: Feb 2003
Distribution: Linux RedHat 7.2
Posts: 47

Original Poster
Rep: Reputation: 15
Was just reading about portsentry, it seems that this would be a good program to add to the firewall. As soon as I connect the firewall to the net it starts getting scanned. I thought I read somewhere that cable is known for this
 
Old 03-01-2003, 10:01 PM   #7
fancypiper
LQ Guru
 
Registered: Feb 2003
Location: Sparta, NC USA
Distribution: Ubuntu 10.04
Posts: 5,141

Rep: Reputation: 58
The internet is known for this. Cable is just faster at getting scanned than dialup.
 
Old 03-01-2003, 10:04 PM   #8
thetwin
Member
 
Registered: Feb 2003
Distribution: Linux RedHat 7.2
Posts: 47

Original Poster
Rep: Reputation: 15
Had Redhat 6.2 firewall on DSL and it was fine, hooked it up to cable and within 1 week someone from Romainia or using a server in Romainia hacked in and changed the root passwd. I guess it wasn't all that secure of a firewall. Trying to learn as much as I can now before hooking this one up
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
what does messages suppressed in /var/log/messages mean saavik Linux - Networking 2 05-07-2008 02:31 PM
Redirecting the kernel messages to file other than /var/log/messages jyotika_b83 Linux - General 3 04-28-2005 06:39 PM
From where am i getting error messages to /var/log/messages? prabhuacsp Linux - Networking 1 02-16-2005 12:34 AM
/var/log/messages full of these messages. Should I be concerned? mdavis Linux - Security 5 04-16-2004 10:08 AM
syslog and firestarter - log messages to another file than messages mule Linux - Newbie 0 08-07-2003 03:35 AM


All times are GMT -5. The time now is 02:23 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration