Annoying network card piece of data
Hi mates, recently I've updated my Linux kernel to the 2.6.7 one and, although I've checked all the kernel options are fine, I get a never-ending piece of my network card data on the console when I start in runlevel 3. After the eth0 is activated at boot time, the following piece of data is repeating with no end the whole time:
Quote:
Thanks for your help. PS: DST=w.x.y.z is, in this case, my IP address. Athlon 1.2 GHz, 768MB RAM. RH 9.0. Kernel 2.6.7.
see http://www.webservertalk.com/message294663.html
It looks like a firewall may be dropping packets. The port 3387 is for something called "Back Room Net". If that network traffic is desired, you could modify the firewall. If it is junk, thank your firewall, but change the logging for dropped packets.
Port 3387 is the source port, and it's an ephemeral port. The destination is 445, which is a privileged port and it just so happens to run Microsoft Name Service for Win2K and later. The source IP is from a cable broadband network. The program causing those messages to be written to console is the kernel netfilter logging dropped packets.
Now as to why those packets are constantly hitting you, it's fairly easy to guess based on the above information, that it's either a worm trying to propagate, or someone scanning very aggressively for exploitable Windows boxes. The best course of action would be to put a special drop rule in your firewall configuration for all the MS ports and don't use the logging flag. Make sure this rule goes above your default "drop all" rule. That way MS worm related traffic will be blocked, but not logged. All other dropped traffic will continue to be logged so you can examine it.
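Added example, not part of the thread: a way to see which destination ports are filling the drop log and to print (not run) unlogged DROP rules for them, as the reply above suggests. It assumes the standard netfilter LOG line format, the filter table's INPUT chain and interface eth0; the sample lines are constructed and the function names are hypothetical.

```sh
#!/bin/sh
# Constructed sample lines in netfilter LOG format (documentation addresses).
sample_log() {
cat <<'EOF'
IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=48 TTL=116 PROTO=TCP SPT=3387 DPT=445 SYN
IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.10 LEN=48 TTL=116 PROTO=TCP SPT=3391 DPT=445 SYN
IN=eth0 OUT= SRC=203.0.113.44 DST=192.0.2.10 LEN=48 TTL=109 PROTO=TCP SPT=4120 DPT=445 SYN
IN=eth0 OUT= SRC=203.0.113.44 DST=192.0.2.10 LEN=48 TTL=109 PROTO=TCP SPT=4121 DPT=135 SYN
IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=78 TTL=112 PROTO=UDP SPT=1027 DPT=137 LEN=58
IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=84 TTL=50 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
EOF
}

# Read log lines on stdin; print "count proto dport", busiest first.
tally_drops() {
    awk '{
        proto = ""; dpt = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^PROTO=/) proto = tolower(substr($i, 7))
            else if ($i ~ /^DPT=/) dpt = substr($i, 5)
        }
        # Count only well-formed TCP/UDP entries; ICMP lines carry no DPT.
        if ((proto == "tcp" || proto == "udp") && dpt ~ /^[0-9]+$/)
            n[proto " " dpt]++
    }
    END { for (k in n) print n[k], k }' | sort -k1,1nr -k3,3n
}

# For each port logged at least $1 times, print a DROP rule with no LOG
# target. "-I INPUT 1" inserts at the top of the chain, so the rule sits
# above the logging rule and the default "drop all" rule.
silent_drop_rules() {
    min=$1
    tally_drops | while read -r count proto dpt; do
        [ "$count" -ge "$min" ] || continue
        echo "iptables -I INPUT 1 -i eth0 -p $proto --dport $dpt -j DROP"
    done
}

# Demonstration on the constructed sample: only tcp/445 reaches the threshold.
sample_log | silent_drop_rules 2
```

On a live system, feed it the kernel log instead of the sample, for example `dmesg | silent_drop_rules 50`, and review each printed rule before applying it.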
If you do not want to see that message any more, use the rule
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 445 -j DROP
Hi again!
I've tried the previous suggestions and certainly it didn't work. I must say that I haven't included NAT into my kernel since I think I don't need it. Should I do it for any reason?? So, I've tried the iptables command above changing - Quote:
Quote:
Is the beginning of this command normal? What about the last ACCEPT statement?? Code:
$ /sbin/iptables -t filter -nL
Use
# iptables -t filter -nvL
This will include the interfaces in the output. That last line, ACCEPT all -- 0.0.0.0/0 0.0.0.0/0, relates to your local interface (lo).