Linux - General
This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
I was just wondering what this message means that I am receiving on my Mandrake 8.1 machine.
It would be great if anyone could answer this question.
auditin=ppp0 out= mac= src=147.102.35.52 dst=61.9.133.9 len=40 tos=0*00 prec=0*00 id=39426 proto=tcp spt=21 window=1028 res=0*00 syn fin urgp=0
It would be really cool if someone could break down this message, as I am receiving it about every 6 or so hours and I am not sure exactly what is going on. Thanks.
Are you running a firewall of some kind? This looks like a message that would be logging either an error or an attack.
auditin=ppp0 device being audited?
out=
mac=
src=147.102.35.52 source ip of the message
dst=61.9.133.9 destination of the msg
(one of these is probably your ip address)
len=40 length of message
tos=0*00
prec=0*00
id=39426
proto=tcp tcp message
spt=21 port 21 (ftp)?
window=1028
res=0*00
syn
fin
urgp=0
My best guess would be that someone at "src" is trying to ftp to "dst". I've seen this on cable/dsl ISPs where they attempt to find out if their users are running "illegal" servers of any kind.
By the way, 147.102.35.52 is thais.cs.ece.ntua.gr
and 61.9.133.9 is CPE-61-9-133-9.vic.bigpond.net.au
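Added example (not part of the original thread): a small Python parser for the log line quoted above. It separates the key=value fields from the bare flag tokens and reports TCP flag pairs such as SYN+FIN, which a normal TCP connection never sets in one packet. The function names and the second, constructed log line are assumptions made for illustration.

```python
# Log line as posted in the thread, kept verbatim (including the "0*00" rendering).
POSTED = ("auditin=ppp0 out= mac= src=147.102.35.52 dst=61.9.133.9 len=40 "
          "tos=0*00 prec=0*00 id=39426 proto=tcp spt=21 window=1028 res=0*00 "
          "syn fin urgp=0")
# Constructed for contrast: an ordinary connection attempt (RFC 5737 addresses).
ORDINARY = ("in=ppp0 out= mac= src=192.0.2.10 dst=198.51.100.7 len=60 "
            "proto=tcp spt=40112 dpt=80 window=5840 syn urgp=0")

TCP_FLAGS = {"syn", "ack", "fin", "rst", "psh", "urg"}
# Flag pairs that no legitimate TCP state transition sets in one segment.
INVALID_PAIRS = [
    ({"syn", "fin"}, "SYN+FIN: opens and closes a connection in the same packet"),
    ({"syn", "rst"}, "SYN+RST: opens and resets a connection in the same packet"),
]

def parse_line(line):
    """Return (fields, flags): key=value pairs and the bare TCP flag tokens."""
    fields, flags = {}, set()
    for token in line.split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key.lower()] = value      # empty values (out=, mac=) are kept
        elif token.lower() in TCP_FLAGS:
            flags.add(token.lower())
    return fields, flags

def findings(line):
    """List the reasons a logged TCP packet looks crafted rather than ordinary."""
    fields, flags = parse_line(line)
    if fields.get("proto", "").lower() != "tcp":
        return []
    return [reason for pair, reason in INVALID_PAIRS if pair <= flags]

def summarize(line):
    """One-line summary; spt is the sender's source port, dpt the destination port."""
    fields, flags = parse_line(line)
    notes = findings(line) or ["no invalid flag combination"]
    return "{}:{} -> {}:{} flags={} | {}".format(
        fields.get("src", "?"), fields.get("spt", "?"),
        fields.get("dst", "?"), fields.get("dpt", "not logged"),
        "+".join(sorted(flags)) or "none", "; ".join(notes))

if __name__ == "__main__":
    for sample in (POSTED, ORDINARY):
        print(summarize(sample))
```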