Hi,

What those lines are saying is that on your ppp0 interface (your dialup) you got a SYN packet from 201.129.122.85 (SRC) to 12.65.24.43 (DST) sent from port 4346 (SPT) to port 445 (DPT).

SYN packets are sent to establish a connection. Port 445 is listed as microsoft-ds (Microsoft Naked CIFS), so I would guess it was some search for Windows machines for some exploit ...

But what you need to know to learn how to read the logs is:

SRC = reported sending IP for the packet.
DST = reported target IP for the packet.
SPT = reported sending port for the packet.
DPT = reported target port for the packet.

For the target port you can often find it in /etc/services if it's a standard port for a known service.

Hope this cleared this up a little, I'm not that much of a teacher ... :)

/Martin

13 Aug 2004, Wanda Round wrote:

> After reading that I should look through /var/log/messages, I did
> and found many lines like these:
>
> Aug 12 04:36:53 towern kernel: |iptables -- IN=ppp0 OUT= MAC=
> SRC=201.129.122.85 DST=12.65.24.43 LEN=48 TOS=0x00 PREC=0x00 TTL=115
> ID=40023 DF PROTO=TCP SPT=4346 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
>
> Aug 12 04:40:59 towern kernel: |iptables -- IN=ppp0 OUT= MAC=
> SRC=83.36.139.197 DST=12.65.24.43 LEN=52 TOS=0x00 PREC=0x00 TTL=46
> ID=19155 DF PROTO=TCP SPT=4845 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
>
> The 12.65.24.43 was my dialup connection. The 201.129.etc and 83.36.etc
> were from Mexico and Spain.
>
> MAN iptables didn't help me at all!
>
> What are these lines telling me? Where can I find a simpler explanation
> of iptables logs?
>
> --
> Wanda
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

--
/Martin Grape
Network and System Admin
Trema Laboratories SARL
Email : [EMAIL PROTECTED] | 1300 route des Cretes
Phone : +33-4-92384149    | Parc de Sophia-Antipolis
GSM   : +33-6-30655938    | F-06560 Valbonne, France
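An added example, not part of the original message: a small Python parser that reads iptables LOG lines the way the reply describes (SRC, DST, SPT, DPT), groups connection attempts by destination port, and looks the port up in /etc/services. The function names are hypothetical, and the sample input is constructed from the two log lines quoted above, each joined onto a single line.

```python
from collections import defaultdict

# Constructed sample: the two quoted log lines, each joined onto one line.
SAMPLE = """\
Aug 12 04:36:53 towern kernel: |iptables -- IN=ppp0 OUT= MAC= SRC=201.129.122.85 DST=12.65.24.43 LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=40023 DF PROTO=TCP SPT=4346 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
Aug 12 04:40:59 towern kernel: |iptables -- IN=ppp0 OUT= MAC= SRC=83.36.139.197 DST=12.65.24.43 LEN=52 TOS=0x00 PREC=0x00 TTL=46 ID=19155 DF PROTO=TCP SPT=4845 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
"""

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG", "CWR", "ECE"}

def parse_line(line):
    """Split one iptables LOG line into KEY=value fields plus bare TCP flags."""
    start = line.find(" IN=")
    if start < 0:
        return None                      # not an iptables LOG line
    fields, flags = {}, []
    for token in line[start:].split():
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value          # value is empty for "OUT=" and "MAC="
        elif token in TCP_FLAGS:
            flags.append(token)          # flags are logged without "="
    fields["FLAGS"] = flags
    return fields

def service_name(port, proto, services_file="/etc/services"):
    """Return the service listed for port/proto, or None if file or entry is missing."""
    try:
        with open(services_file) as fh:
            for row in fh:
                cols = row.split("#")[0].split()
                if len(cols) >= 2 and cols[1] == f"{port}/{proto.lower()}":
                    return cols[0]
    except OSError:
        pass
    return None

def summarize(text):
    """Map (PROTO, DPT) to the sorted sources that sent a SYN without ACK."""
    hits = defaultdict(set)
    for line in text.splitlines():
        f = parse_line(line)
        if f and "SYN" in f["FLAGS"] and "ACK" not in f["FLAGS"]:
            hits[(f["PROTO"], int(f["DPT"]))].add(f["SRC"])
    return {key: sorted(srcs) for key, srcs in hits.items()}

if __name__ == "__main__":
    for (proto, port), srcs in summarize(SAMPLE).items():
        print(f"{proto}/{port} ({service_name(port, proto) or 'unknown'}): {', '.join(srcs)}")
```

Pointing `summarize` at the contents of /var/log/messages gives one line per probed port, which makes repeated scans of the same service easy to spot.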