Logwatch

elvisious · 10-05-2009, 01:13 PM

Hi,

This is in my logwatch now and then:

Quote:

--------------------- iptables firewall Begin ------------------------

Listed by source hosts:
Logged 298 packets on interface eth0
From 10.0.0.2 - 88 packets to udp(138)
From 10.0.1.1 - 210 packets to udp(137)

Listed by source hosts:
Logged 18 packets on interface eth1
From 0.0.0.0 - 18 packets to udp(67)

---------------------- iptables firewall End -------------------------

What does it mean?

Greetz
FrankY

anomie · 10-05-2009, 01:29 PM

It means that, during the reporting period, 298 packets were sent to you (or your broadcast address) that matched LOG targets in your iptables chain(s).

The first set is MS chatter:

Code:

$ egrep ' 138\/| 137\/' /etc/services 
netbios-ns      137/tcp                         # NETBIOS Name Service
netbios-ns      137/udp
netbios-dgm     138/tcp                         # NETBIOS Datagram Service
netbios-dgm     138/udp

The second set is for dhcp clients:

Code:

$ grep ' 67\/' /etc/services 
bootps          67/tcp                          # BOOTP server
bootps          67/udp

elvisious · 10-05-2009, 01:35 PM

Is any of it unsecure?
Do I have to worry about it?

anomie · 10-05-2009, 01:37 PM

With the caveat that I have no idea whether your system is properly secured, there is nothing unusual about the report snippet you posted. Lots of networks have similar chatter.