Phillip Hofmeister <[EMAIL PROTECTED]> wrote in message news:<[EMAIL PROTECTED]>...
> It is saying a rule matched. Doesn't say what you did with the packet
> though, just tells you about the packet. If you want to know what you
> did with it you would need to include a log-prefix in your iptables
> scripts.
>
> Here is what we know:
>
> Interface Traffic came IN on: ppp0
> The IP Address the traffic came from is: 83.36.139.197
> THE IP Address it was destined to: 12.65.24.43
> The length of the packet was: 53 bytes
> The Type of Service flag was set to null (00)
> The SYN flag was set, this was a connection attempt
> The IP ID Field (for IP Fragmentation) was: 19155
> The layer 4 protocol was: TCP
> The layer 4 port was (source): 4346
> The layer 4 port destination was: 445
> The size of the TCP Window was: 16384 bytes
>
> Shorter version: Someone from 83.36.139.197 tried to connect to
> 12.65.24.43 (presumably you) on port 445 via interface ppp0. We cannot
> deduce what action was taken by your computer because you (or your
> IPTABLES Interface program) did not log this. It is for this reason I
> run my own IPTABLES script and edit it by hand (pretty
> masochistic....huh?). My guess is this packet was related to an
> automated attack (worm).
>
Phillip,

This is all great. I do want to thank you and Martin and S. Keeling (esp.) and Bernd--you've all been very helpful. Some of the information from this group has led me to a new study list!

-- look at Bastille
-- look at firehol and/or firestarter
-- re-read all the Debian security docs

Lists and newsgroups are the way to go!

-- Wanda
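Added example, not part of the original messages: a small Python parser for the kind of netfilter LOG line explained in the quoted reply, showing that the `--log-prefix` text is the only part of the entry that tells you which rule (and so which action) produced it. The sample lines, their timestamp and hostname, and the `FW-DROP: ` prefix are constructed for illustration; the packet fields reuse the values listed in the thread.

```python
import re

# Constructed sample lines in the kernel's netfilter LOG format.
# The second assumes a rule using --log-prefix "FW-DROP: " (hypothetical).
FIELDS = ("IN=ppp0 OUT= SRC=83.36.139.197 DST=12.65.24.43 LEN=53 TOS=0x00 "
          "ID=19155 PROTO=TCP SPT=4346 DPT=445 WINDOW=16384 SYN URGP=0")
SAMPLES = [
    "Mar  1 12:00:00 host kernel: " + FIELDS,
    "Mar  1 12:00:00 host kernel: FW-DROP: " + FIELDS,
]

TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}


def parse_netfilter_log(line):
    """Split one LOG line into its prefix, KEY=value fields and TCP flags."""
    m = re.search(r"kernel: (?:\[[\s\d.]+\] )?(?P<prefix>.*?)IN=", line)
    if m is None:
        return None  # not a netfilter LOG entry
    fields, flags = {}, []
    # Re-include the "IN=" token that terminated the prefix match.
    for token in line[m.end() - 3:].split():
        if "=" in token:
            key, _, value = token.partition("=")
            fields[key] = value
        elif token in TCP_FLAGS:
            flags.append(token)
    return {"prefix": m.group("prefix").strip(), "fields": fields, "flags": flags}


def summarize(line):
    """One-line description; the action is only known if a prefix was logged."""
    entry = parse_netfilter_log(line)
    f = entry["fields"]
    kind = "connection attempt" if entry["flags"] == ["SYN"] else "packet"
    rule = entry["prefix"] or "unknown (rule logged without --log-prefix)"
    return (f"{f['PROTO']} {kind} {f['SRC']}:{f['SPT']} -> "
            f"{f['DST']}:{f['DPT']} in on {f['IN']}; rule: {rule}")


if __name__ == "__main__":
    for sample in SAMPLES:
        print(summarize(sample))
```
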

