Log entry question. What did Microsoft do with my Linux kernel?
I have Fedora Core 1 installed, and to make myself better at security I have started to read the logs. But I have no idea what the following log piece means.
OrgName: Microsoft Corp
OrgID: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
etc etc
So... Now I wonder what this log entry means. I have not seen this one before, and searching this forum for it did not help me. What does Microsoft want with my Linux machine?
It's a request via port 80 from 65.54.194.118 to 192.168.1.103. So you have port 80 open. Are you running an internet server? It may not be anything sinister at all, as many organisations including M$ run crawlers, spiders etc. If port 80 is open then they will investigate to see if they get a response to an HTTP request. If you are running a router it also suggests that it is forwarding port 80 as well. If you don't run a service on port 80 then close it and also stop forwarding on the router.
Originally posted by TigerOC: "It's a request via port 80 from 65.54.194.118 to 192.168.1.103. So you have port 80 open. Are you running an internet server?"
Wrong way. The *source* port is 80 meaning that this is a response, not a request.
Bjork, did you recently try to visit any MS sites? The logs you posted are created by violations of your IPTABLES ruleset. The specific violations would seem to indicate that your system requested a web page from a Microsoft server, but your firewall blocked the response packets.
Um. Yeah. Running a family web server on the Linux (not used much), but it is not on port 80 though... It is using port 8081 or something. Port 80 on my machine is closed on my Linux server (well. Firestarter says so anyway)
On the same router, I have an XP Home computer connected, with Apache web server using port 80 (backup copy in case something happens to my Linux machine). Maybe the router got confused or something and sent the packet to the Linux machine instead of the XP machine. At 02:39... Was sleeping then... Anyway... Must have been a crawler or something. The Linux box still works (as always), and hopefully it stays like that...
Anyway... wish the logs weren't so cryptic... My first guess would not have been that it was a firewall warning message. Looks like my XP has been infected by something again. The router lights up all the time, and something is downloading to my machine, and I have no idea where to check what is downloading. Hopefully it is just Windows Update...
But thanks for the replies. Now I know what a firewall message looks like.
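
Added example, not part of the original thread: a small Python heuristic for the point made in the reply above, that a blocked packet whose *source* port is 80 is a response rather than a request. The log lines are constructed in the netfilter LOG key=value format (the original log entry is not shown on this page); the `FW-DROP` prefix, hostname, timestamps, ports and the 1024 port threshold are assumptions, and only the two addresses come from the thread.

```python
import re

TCP_FLAGS = {"SYN", "ACK", "RST", "FIN", "PSH", "URG"}

def parse_netfilter_log(line):
    """Split a netfilter LOG line into its KEY=value fields plus the TCP flags."""
    fields = dict(re.findall(r"\b([A-Z]+)=(\S*)", line))
    # TCP flags are logged as bare words (e.g. "ACK FIN"), not KEY=value pairs.
    fields["FLAGS"] = TCP_FLAGS & set(line.split())
    return fields

def classify(line):
    """Return 'request', 'response' or 'unclassified' for one blocked packet."""
    f = parse_netfilter_log(line)
    if f.get("PROTO") != "TCP" or "SPT" not in f or "DPT" not in f:
        return "unclassified"
    spt, dpt, flags = int(f["SPT"]), int(f["DPT"]), f["FLAGS"]
    # A bare SYN opens a connection: the remote side is the one asking.
    if "SYN" in flags and "ACK" not in flags:
        return "request"
    # Heuristic (assumption): traffic from a well-known port to a high port
    # is the remote service answering a connection a local host started.
    if spt < 1024 and dpt >= 1024:
        return "response"
    return "unclassified"

# Constructed sample lines; fields abbreviated compared with real kernel output.
PREFIX = "Feb 10 02:39:12 fedora kernel: FW-DROP: IN=eth0 OUT= "
SAMPLE = [
    # Source port 80, high destination port: a web server's reply.
    PREFIX + "SRC=65.54.194.118 DST=192.168.1.103 LEN=40 TTL=47 "
             "PROTO=TCP SPT=80 DPT=33412 WINDOW=0 RES=0x00 ACK FIN URGP=0",
    # Destination port 80 with a bare SYN: someone probing a local web server.
    PREFIX + "SRC=203.0.113.7 DST=192.168.1.103 LEN=60 TTL=52 "
             "PROTO=TCP SPT=41822 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0",
    # Non-TCP traffic is left alone by this heuristic.
    PREFIX + "SRC=203.0.113.7 DST=192.168.1.103 LEN=76 TTL=52 "
             "PROTO=UDP SPT=123 DPT=123 LEN=56",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        f = parse_netfilter_log(entry)
        print(f"{classify(entry):12} {f['SRC']}:{f.get('SPT')} -> "
              f"{f['DST']}:{f.get('DPT')} flags={sorted(f['FLAGS'])}")
```

A "response" result only says the packet looks like reply traffic; which local host opened the connection still has to be found from that host's own activity.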