LinuxQuestions.org
Old 02-23-2005, 03:38 AM   #1
ddaas
Member
 
Registered: Oct 2004
Location: Romania
Distribution: Ubuntu server, FreeBsd
Posts: 474

Rep: Reputation: 30
Help me understand iptables logs


Hello,
My logs from iptables look like this:

Feb 21 10:07:38 servername kernel: ***INPUT PACKETS***=>IN=eth0 OUT= MAC=00:0d:56:b8:f8:9c:00:09:5b:58:35:a5:08:00 SRC=134.214.x.x DST=192.168.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=112 ID=5107 DF PROTO=TCP SPT=61945 DPT=22 WINDOW=65007 RES=0x00 ACK FIN URGP=0

Feb 21 10:07:38 servername kernel: ***OUTPUT PACKETS***=>IN= OUT=eth0 SRC=192.168.x.x DST=134.214.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=25772 DF PROTO=TCP SPT=22 DPT=61945 WINDOW=11552 RES=0x00 ACK FIN URGP=0

Everything looks just fine.


But I also have the following line: Feb 21 22:20:11 servername kernel: ***OUTPUT PACKETS***=>IN= OUT=eth0 S46 DF PROTO=TCP SPT=22 DPT=1244 WINDOW=8576 RES=0x00 ACK URGP=0


There is no source IP, no destination IP, nothing.


What could this mean??


ddaas
 
Old 02-23-2005, 10:08 AM   #2
peter_robb
Senior Member
 
Registered: Feb 2002
Location: Szczecin, Poland
Distribution: Gentoo, Debian
Posts: 2,458

Rep: Reputation: 48
The first two are showing the end of an ssh session.. depending on which table they are generated from..
It could also be a remote scan.. checking if the port is filtered or not..

The last one could be a syslog bug.. the input fifo could have dropped some of the log line data..
The beginning and end of the line look ok, just the middle is missing from SRC= to ID=xxx46..

The filter table produces a lot of logging coz every packet is looked at.. A logjam in the syslog pipe could certainly exist if there are a lot of -j LOG rules..
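A way to flag log lines like the third one automatically, as an added example that is not part of either post: it splits each line into key=value fields and flag words, then reports required fields that are absent and tokens that fit neither shape. The `REQUIRED` set, the `check` function name and the "skip to the first `IN=`" rule for the log prefix are assumptions of this sketch; the sample lines are the ones quoted in the question.

```python
import re

# Fields assumed mandatory for an IPv4 TCP packet written by the LOG target.
REQUIRED = ("IN", "OUT", "SRC", "DST", "LEN", "TTL", "ID", "PROTO", "SPT", "DPT")
# Bare words the kernel prints for IP and TCP flags.
FLAGS = {"DF", "MF", "CE", "SYN", "ACK", "FIN", "RST", "PSH", "URG", "ECE", "CWR"}
KEY_VALUE = re.compile(r"([A-Z]+)=(\S*)")

# The three log lines quoted in the question (addresses masked as posted).
SAMPLES = [
    "Feb 21 10:07:38 servername kernel: ***INPUT PACKETS***=>IN=eth0 OUT= "
    "MAC=00:0d:56:b8:f8:9c:00:09:5b:58:35:a5:08:00 SRC=134.214.x.x "
    "DST=192.168.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=112 ID=5107 DF PROTO=TCP "
    "SPT=61945 DPT=22 WINDOW=65007 RES=0x00 ACK FIN URGP=0",
    "Feb 21 10:07:38 servername kernel: ***OUTPUT PACKETS***=>IN= OUT=eth0 "
    "SRC=192.168.x.x DST=134.214.x.x LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=25772 "
    "DF PROTO=TCP SPT=22 DPT=61945 WINDOW=11552 RES=0x00 ACK FIN URGP=0",
    "Feb 21 22:20:11 servername kernel: ***OUTPUT PACKETS***=>IN= OUT=eth0 "
    "S46 DF PROTO=TCP SPT=22 DPT=1244 WINDOW=8576 RES=0x00 ACK URGP=0",
]

def check(line):
    """Return fields, flags, missing required keys and unrecognised tokens."""
    body = line.split("kernel: ", 1)[-1]
    start = body.find("IN=")  # skip the rule's --log-prefix text
    tokens = body[start:].split() if start >= 0 else body.split()
    fields, flags, stray = {}, [], []
    for tok in tokens:
        m = KEY_VALUE.fullmatch(tok)
        if m:
            fields[m.group(1)] = m.group(2)
        elif tok in FLAGS:
            flags.append(tok)
        else:
            stray.append(tok)  # e.g. the remains of a value cut mid-field
    missing = [k for k in REQUIRED if k not in fields]
    return {"fields": fields, "flags": flags, "missing": missing, "stray": stray}

if __name__ == "__main__":
    for line in SAMPLES:
        r = check(line)
        verdict = "TRUNCATED" if r["missing"] or r["stray"] else "ok"
        print(verdict, "missing=" + ",".join(r["missing"]),
              "stray=" + ",".join(r["stray"]))
```

A line reported as truncated has lost data between the kernel and the log file, so counting such lines over time shows whether the logging path is dropping data under load.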
 
  



All times are GMT -5. The time now is 03:45 AM.
