"s. keeling" <[EMAIL PROTECTED]> wrote in message news:<[EMAIL PROTECTED]>... > Incoming from Wanda Round: > > After reading that I should look through /var/log/messages, I did > > and found many lines like these: > > > > Aug 12 04:36:53 towern kernel: |iptables -- IN=ppp0 OUT= MAC= > > SRC=201.129.122.85 DST=12.65.24.43 LEN=48 TOS=0x00 PREC=0x00 TTL=115 > > ID=40023 DF PROTO=TCP SPT=4346 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0 > > - It came in over ppp0. > > - It didn't get back out. > > - No network card was involved. > > - It came from 201.129.122.85 > > - Your IP was 12.65.24.43 > > - [Other stuff] > > - It was TCP protocol (as opposed to UDP, ICMP, ...) > > - It came from their port #4346. > > - It went at your port #445. > > - [Other stuff] > > The only thing I tend to care about is: > > - What, on my machine, is at port #445 (nothing). "grep 445 /etc/services". > > - If it's an INcoming or OUTgoing packet, is it (related to) > something I started? > > - Many things (like 53, DNS) are just idiots out there who (for > whatever reason) think you are their nameserver. Ignore them. > > - Many hits on your box are from viruses and worms looking to infect > your box. Ignore them. > > - Many hits are from spammers trying to find out if they can use you > as an open mail relay. Ignore them. >
S. Keeling, Many thanks for the clear, tiny-bite answer! Which specific item tells you that it "didn't get back out"? You're saying that as long as the incoming doesn't get back out I'm ok, correct? Every line I saw in the /var/log/messages had the same kind of thing only with different MAC addresses. Does this mean, FROM THE LITTLE YOU'VE SEEN, that the iptables is doing a good job? -- Wanda -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
