hello MANDRAKE!

since today i have strange logs from ipchains. ipchains is configured like this:

    [root@orbit /etc/sysconfig]# ipchains -L
    Chain input (policy ACCEPT):
    target     prot opt     source            destination       ports
    DENY       tcp  ----l-  !192.168.0.0/24   anywhere          netbios-ns:netbios-ssn -> any
    DENY       udp  ----l-  !192.168.0.0/24   anywhere          netbios-ns:netbios-ssn -> any
    Chain forward (policy ACCEPT):
    target     prot opt     source            destination       ports
    MASQ       tcp  ------  192.168.0.0/24    anywhere          !netbios-ns:netbios-ssn -> any
    MASQ       udp  ------  192.168.0.0/24    anywhere          !netbios-ns:netbios-ssn -> any
    DENY       tcp  ------  anywhere          192.168.0.0/24    any -> netbios-ns:netbios-ssn
    DENY       udp  ------  anywhere          192.168.0.0/24    any -> netbios-ns:netbios-ssn
    Chain output (policy ACCEPT):
    target     prot opt     source            destination       ports
    DENY       udp  ----l-  anywhere          !192.168.0.0/24   any -> netbios-ns:netbios-ssn
    DENY       udp  ----l-  anywhere          !192.168.0.0/24   any -> netbios-ns:netbios-ssn
    [root@orbit /etc/sysconfig]#

it started with entries like this:

    Nov 23 14:24:32 orbit kernel: Packet log: input DENY ppp0 PROTO=17 130.192.56.97:137 212.185.245.71:137 L=78 S=0x00 I=5295 F=0x0000 T=115 (#2)

where the first ip is a system somewhere in the internet, the second IP the system i connect to at my ISP. these log entries are quite usual, mostly caused by dumb asses scanning the system for security holes..

but later i got entries like this:

    Nov 24 00:29:09 orbit kernel: Packet log: output DENY ppp0 PROTO=17 192.168.0.104:137 213.239.137.56:137 L=78 S=0x00 I=30419 F=0x0000 T=127 (#1)

this is clearly a system from within, trying to connect to a system outside.. what is it? i already checked the system within for viruses - without success.. could someone give me a hint?

thanks in advance,
PAT

--
vcard/LDAP/PGP: http://dresden-online.com/~perler/identity.html
PGP fingerprint: DAC6 2FDA 1ED7 AD55 BD1F 5142 3D5F 72BF
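
Added example, not part of the original post: a Python parser for the `Packet log:` lines quoted above that separates outside probes from NetBIOS packets originating on the LAN and lists which internal address sent them. The function names and labels are assumptions made for the example; the LAN range and port range are taken from the ipchains rules in the post.

```python
import ipaddress
import re
from collections import defaultdict

# Field order of an ipchains "-l" log line: chain, target, interface, IP protocol,
# src:port, dst:port, then L/S/I/F/T header fields and the matching rule number.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r".*\(#(?P<rule>\d+)\)"
)
LAN = ipaddress.ip_network("192.168.0.0/24")  # LAN range used in the rules
NETBIOS_PORTS = range(137, 140)               # netbios-ns .. netbios-ssn

def parse(line):
    """Split one ipchains log line into typed fields; None if it is not one."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport", "rule"):
        rec[key] = int(rec[key])
    for key in ("src", "dst"):
        rec[key] = ipaddress.ip_address(rec[key])
    return rec

def classify(rec):
    """Label a denied NetBIOS packet by which side of the firewall sent it."""
    netbios = rec["sport"] in NETBIOS_PORTS or rec["dport"] in NETBIOS_PORTS
    if rec["target"] != "DENY" or not netbios:
        return "other"
    if rec["chain"] == "input" and rec["src"] not in LAN:
        return "outside-probe"
    if rec["chain"] == "output" and rec["src"] in LAN and rec["dst"] not in LAN:
        return "lan-host-leak"
    return "other"

def leaking_hosts(lines):
    """Map each LAN address to the outside addresses it sent NetBIOS traffic to."""
    hosts = defaultdict(set)
    for rec in filter(None, map(parse, lines)):
        if classify(rec) == "lan-host-leak":
            hosts[str(rec["src"])].add(str(rec["dst"]))
    return dict(hosts)

SAMPLE = [  # the two log lines quoted in the post
    "Nov 23 14:24:32 orbit kernel: Packet log: input DENY ppp0 PROTO=17 130.192.56.97:137 212.185.245.71:137 L=78 S=0x00 I=5295 F=0x0000 T=115 (#2)",
    "Nov 24 00:29:09 orbit kernel: Packet log: output DENY ppp0 PROTO=17 192.168.0.104:137 213.239.137.56:137 L=78 S=0x00 I=30419 F=0x0000 T=127 (#1)",
]
```

Calling `leaking_hosts()` on the lines of a syslog file gives one entry per internal machine to look at.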
