LinuxQuestions.org


Spotnik 06-01-2003 10:44 PM

Weird kernel message
 
I've just done a fresh install of RH9 and am setting up IP Tables with the basic firewall rules from the IP Masq HOWTO for testing. Once I got it running the following message started broadcasting itself on the console:

Jun 1 21:47:31 spotnik kernel: IN=eth0 OUT=eth0 SRC=192.168.42.2 DST=207.179.200.2 LEN=71 TOS=0x00 PREC=0x00 TTL=127 ID=3074 PROTO=UDP SPT=137 DPT=53 LEN=51

The source IP is my Windows machine. The destination IP is the tertiary nameserver address from my ISP. This message keeps echoing about every minute or so, sometimes with the secondary nameserver address.

First of all, I cannot tell from any of my other logs why my Windows machine seems to be continually pinging my nameserver (Windows, unfortunately, doesn't HAVE any system logs, so they're no help!)?

Secondly, why is this message echoing on the console instead of just being logged in like every other entry?

Has anyone else seen this, and do you have any suggested explanations? Thanks!

fancypiper 06-01-2003 11:41 PM

It sounds like your Windows machine may be running a port scan. Is it worm/virus free?

Spotnik 06-02-2003 10:22 AM

According to NAV with virus signatures dated 6/1/03 it is virus free. But your hunch was exactly my first instinct too. The messages stop once I've dialed in, suggesting that the Win98 box is now getting to where it wants to go.

So, I am open to any further suggestions because SOMETHING in my Win box wants to get out via the linux machine.
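
Added example, not part of any post in this thread: a small Python parser for the netfilter LOG entry quoted in the first post, which groups repeated entries by flow and reports how often each one recurs. Only the first sample line comes from the thread; the other two lines, the default year 2003 and the 192.0.2.53 address are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample. Line 1 is the entry quoted in the thread; lines 2-3 are
# made-up repeats (times, IDs and the 192.0.2.53 destination are placeholders).
SAMPLE = """\
Jun 1 21:47:31 spotnik kernel: IN=eth0 OUT=eth0 SRC=192.168.42.2 DST=207.179.200.2 LEN=71 TOS=0x00 PREC=0x00 TTL=127 ID=3074 PROTO=UDP SPT=137 DPT=53 LEN=51
Jun 1 21:48:31 spotnik kernel: IN=eth0 OUT=eth0 SRC=192.168.42.2 DST=207.179.200.2 LEN=71 TOS=0x00 PREC=0x00 TTL=127 ID=3075 PROTO=UDP SPT=137 DPT=53 LEN=51
Jun 1 21:49:01 spotnik kernel: IN=eth0 OUT=eth0 SRC=192.168.42.2 DST=192.0.2.53 LEN=71 TOS=0x00 PREC=0x00 TTL=127 ID=3076 PROTO=UDP SPT=137 DPT=53 LEN=51
"""

LINE = re.compile(r"^(\w{3}\s+\d+\s+[\d:]{8})\s+(\S+)\s+kernel:\s+(.*)$")
SERVICES = {53: "domain (DNS)", 137: "netbios-ns"}  # registered port names

def parse_line(line, year=2003):
    """Parse one netfilter LOG entry into a dict, or return None."""
    m = LINE.match(line.strip())
    if not m or "IN=" not in m.group(3):
        return None
    ts, host, rest = m.groups()
    rest = rest[rest.index("IN="):]          # skip any --log-prefix text
    rec = {"time": datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S"),
           "host": host, "flags": []}
    for tok in rest.split():
        key, sep, val = tok.partition("=")
        if not sep:
            rec["flags"].append(tok)         # bare tokens such as DF or SYN
        elif key == "LEN" and "LEN" in rec:
            rec["L4_LEN"] = int(val)         # second LEN is the UDP length
        else:
            rec[key] = int(val) if val.isdigit() else val
    return rec

def summarize(text):
    """Group entries by flow; return {flow: (count, mean gap in seconds)}."""
    flows = defaultdict(list)
    for r in filter(None, map(parse_line, text.splitlines())):
        flows[(r["SRC"], r["DST"], r["PROTO"], r["SPT"], r["DPT"])].append(r["time"])
    out = {}
    for flow, times in flows.items():
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        out[flow] = (len(times), sum(gaps) / len(gaps) if gaps else None)
    return out

if __name__ == "__main__":
    for (src, dst, proto, spt, dpt), (n, gap) in summarize(SAMPLE).items():
        print(f"{src}:{spt} ({SERVICES.get(spt, '?')}) -> {dst}:{dpt} "
              f"({SERVICES.get(dpt, '?')}) {proto} x{n}, mean gap {gap}s")
```

The first LEN is the IP total length and the second is the UDP length, so the 20-byte difference in the quoted entry is the IP header.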


All times are GMT -5.