Old 11-06-2002, 01:25 PM   #1
unixpirate
Being possibly dosd


I have installed firestarter on RH 7.1 with most of the fixes installed.
It seemed to be working great and I was watching the logs as someone came in first of all via port 138, so I blocked that port and then they came in on port 137. I blocked that and things seem to be fine.
I went about my business on the machine and while playing around my mouse locked up. I thought someone was hacking me, so I disconnected it from the network.
I let it sit. I had no way to get into it. I was forced to reboot.
Here is the error message upon reboot; I'm hoping someone can help me.
Mounting USB filesystem:
can't create lock file /etc/mntab~75: Read-only file system (use -n flag to override) - FAILED
Initializing USB controller (usb-uhci) Checking root filesystem
/ contains a file system with errors, check forced
/:
Unattached inode 1442
An error occurred during the file system check
/:UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY.
(i.e., without -a or -p options)

I did run the fsck and the machine did come back up, but now it locked up again.
Any ideas anyone?
 
Old 11-06-2002, 02:41 PM   #2
unSpawn
If you think you're experiencing a DoS on a small home/small office system/network it's best to disconnect like you already did; larger setups usually try and contact their ISP and see if they can help with, for example, ingress filtering.

TCP 137-139 are NetBIOS ports for wintendo and have got nothing to do with Linux, unless you're running Linux equivalent services using Samba (which you don't mention).

"Crackers", if they would enter your box, don't go after mice, they're there for the root account.

The error of you being unable to mount your USBfs is consistent with std "read-only partition" behaviour due to mounting after failed error-checking is done (man tune2fs). Drop down to single mode and run fsck on the (must be read-only) partitions.

*Next time you get the urge to reboot w/o syncing and properly unmounting, make sure you have the magic keys working and learn the (proper) Linux CTRL+ALT+DEL three finger salutes: ALT+SYSREQ+S (sync), ALT+SYSREQ+U (mount all -r) then ALT+SYSREQ+B (reboot).
 
Old 11-06-2002, 02:42 PM   #3
stickman
If the system is still off the network and you are still experiencing these problems, then I doubt that you are being DoS'd. It looks more like you've got something else going on. Try looking through /var/log/messages. If you don't see anything of interest, try increasing the log level in syslog.conf and see what else shows up.
 
Old 11-06-2002, 02:48 PM   #4
unixpirate
unSpawn,
I appreciate the info, and it is helpful with the reboot info. Thanks a lot. I'm a serious newbie as you know I'm sure. This is a single workstation I'm setting up for work. It's currently at my desk and I had it online to get the updates via RH.
I am no longer getting the USB error messages since I've run fsck manually on most of the filesystems. I tried on /root with no luck.
My only error left which I can't run fsck on is
"Checking root filesystem / contains a file system with errors, check forced.
Unattached inode 257"
Any more ideas?
Now I did install samba. Don't know nothing about it.
 
Old 11-06-2002, 02:49 PM   #5
unixpirate
I do not have any log files to go by. Much less nothing under /var.
 
Old 11-06-2002, 02:55 PM   #6
unixpirate
How come in Single user mode I can't edit the /etc/fstab or /etc/mtab?
Or where can I get to so I can edit these files?
Thanks all.
 
Old 11-06-2002, 04:05 PM   #7
unSpawn
Unattached inodes usually mean loss of some files, unless they're reattached to /lost+found by fsck. If you're missing files, try using "mc"'s undelete function, but before that make sure your fsck processes return w/o errors. When I'm unsure about a partition I force an fsck on the read-only partition, just to be sure.

Hmm. If you're unable to edit files it means the filesystem still is mounted read-only. You could "mount -o remount,rw <partition>" to get it back to read-write state.

* If you have any other questions regarding the "fall-out" from your incident I would like to ask you to open up a new thread in any of the other forums because by now it's becoming OT and not a security issue anymore.
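An added example, not part of the original thread: a small shell helper that lists which filesystems are currently mounted read-only (the state discussed in posts #6 and #7) and prints the matching remount command for each. The function names and the sample mount table are constructed for illustration; the table uses the /proc/mounts field layout.

```shell
#!/bin/sh
# Fields in /proc/mounts: device mountpoint fstype options dump pass

# Print the mount point of every filesystem whose option list contains
# the exact option "ro". Matching whole options avoids a false hit on
# values such as errors=remount-ro.
# $1: table to read ("-" for stdin); defaults to the live /proc/mounts.
ro_mounts() {
    awk '{
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++)
            if (opt[i] == "ro") { print $2; break }
    }' "${1:-/proc/mounts}"
}

# Print (do not run) the remount command for each read-only filesystem.
# Run fsck while the filesystem is still read-only, then remount.
remount_hints() {
    ro_mounts "$1" | while read -r mp; do
        echo "mount -o remount,rw $mp"
    done
}

# Constructed sample table, not taken from the poster's machine.
sample_mounts() {
    cat <<'EOF'
/dev/hda2 / ext2 ro 0 0
none /proc proc rw 0 0
/dev/hda1 /boot ext2 rw 0 0
/dev/hda5 /home ext2 rw,errors=remount-ro 0 0
/dev/hda6 /var ext2 ro,nosuid 0 0
EOF
}

# Demo on the sample table; call remount_hints with no argument
# to inspect the running system instead.
sample_mounts | remount_hints -
```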
 
Old 11-07-2002, 01:39 PM   #8
unixpirate
What is the "mc" undelete?
 
  

