LinuxQuestions.org
Visit Jeremy's Blog.
Home Forums Tutorials Articles Register
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
Reload this Page iptables event in messages
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-10-2005, 09:01 PM   #1
TheRealDeal
Member
 
Registered: Jun 2003
Location: Central Coast, NSW, Australia
Distribution: Gentoo
Posts: 438

Rep: Reputation: 30
iptables event in messages

Hi all.

Could I please ask your advise on something....

Mar 11 11:51:18 Images kernel: IN=eth0 OUT= MAC=00:00:e2:9b:f2:67:02:00:e3:98:79:6d:08:00 SRC=192.168.8.69 DST=192.168.10.182 LEN=48 TOS=0x00 PREC=0x00 TTL=128 ID=34590 DF PROTO=TCP SPT=2198 DPT=139 WINDOW=64512 RES=0x00 SYN URGP=0

I get this in my /var/log/messages. Does anyone know what source port 2198 could be?

Thanks alot.
Craig.
 
Old 03-11-2005, 03:37 AM   #2
win32sux
LQ Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 380Reputation: 380Reputation: 380Reputation: 380
i'm not sure about the source port (i think it can vary from host to host), but destination port 139 is part of windows' netbios stuff... so unfortunately it's normal for your firewall to be blocking incoming 139/tcp packets (among others) from windows boxes (and worms) all night and day...

http://www.iss.net/security_center/a...39/default.htm

if you don't wanna see them get logged just add a rule to block them silently before they hit the log rule... for example:

Code:
iptables -I INPUT -p TCP --dport 139 -m state --state NEW -j DROP
just my two cents...

Last edited by win32sux; 03-11-2005 at 03:39 AM.
 
  


Reply



Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
iptables prob in /var/log/messages globeTrotter Linux - Networking 9 11-17-2004 03:02 PM
syslog is filled with iptables DROPPED messages TLV Linux - Networking 3 10-06-2004 04:23 AM
iptables and /var/log/messages Obie Linux - Security 5 08-18-2004 02:02 AM
iptables and limiting the number of times an event gets logged drexel Linux - Security 3 02-09-2004 08:59 AM
Iptables messages... possibly.. eniuquine Linux - Security 9 09-16-2003 05:04 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 08:54 PM.

Contact Us - Advertising Info - Rules - Privacy - LQ Merchandise - Donations - Contributing Member - LQ Sitemap -
Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration