hi, firstly, go easy on me, i'm still new to the list and linux.
i'm running LM 8.1 with kernel 2.4.16-6mdk
browsing thru the logs, i came across this in /var/log/messages
....
Mar 4 00:20:52 infiniti bastille-firewall: iptables v1.2.4:
Mar 4 00:20:52 infiniti bastille-firewall: can't initialize iptables
table `filter': Module is wrong version
Mar 4 00:20:52 infiniti bastille-firewall: Perhaps iptables or your
kernel needs to be upgraded.
.....
can someone tell me what to make of this...? (sorry if this sounds lame,
but I'd rather be safe than sorry)
and also found this in /var/log/deamons/info
.....
Mar 4 06:00:39 infiniti portsentry[2441]: attackalert: TCP SYN/Normal
scan from host: dsl-64148158174.internetconnect.net/64.148.158.174 to
TCP port: 515
Mar 4 06:00:39 infiniti portsentry[2441]: attackalert: Host
64.148.158.174 has been blocked via wrappers with string: "ALL:
64.148.158.174"
Mar 4 06:00:39 infiniti portsentry[2441]: attackalert: Host
64.148.158.174 has been blocked via dropped route using command:
"/sbin/iptables -A INPUT -s 64.148.158.174 -j DROP"
.....
Mar 4 06:23:30 infiniti portsentry[2441]: attackalert: TCP SYN/Normal
scan from host: 203.115.119.11/203.115.119.11 to TCP port: 22
Mar 4 06:23:30 infiniti portsentry[2441]: attackalert: Host
203.115.119.11 has been blocked via wrappers with string: "ALL:
203.115.119.11"
Mar 4 06:23:30 infiniti portsentry[2441]: attackalert: Host
203.115.119.11 has been blocked via dropped route using command:
"/sbin/iptables -A INPUT -s 203.115.119.11 -j DROP"
.....
Mar 4 07:20:50 infiniti portsentry[2441]: attackalert: TCP SYN/Normal
scan from host: 210.111.129.10/210.111.129.10 to TCP port: 111
Mar 4 07:20:50 infiniti portsentry[2441]: attackalert: Host
210.111.129.10 has been blocked via wrappers with string: "ALL:
210.111.129.10"
Mar 4 07:20:50 infiniti portsentry[2441]: attackalert: Host
210.111.129.10 has been blocked via dropped route using command:
"/sbin/iptables -A INPUT -s 210.111.129.10 -j DROP"
and many more such similar attacks/messages? from various ip addresses.
do these messages indicate that my m/c has not been compromised (yet)?
any suggestions, pointers would be appreciated.
PS go easy on me, i'm still new to the list and linux.
--
Ashley Moore. (CCNA,CNE,MC$E)
Sys.Admin & IT Consultant.
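
Added example, not part of the original post: a small parser that summarizes portsentry attackalert records per source host and lists the hosts whose firewall block should be confirmed by hand, since the same log shows iptables failing to initialize the filter table. The function names and the 192.0.2.7 records are assumptions made for illustration.

```python
import re

# Sample input: the first four records are from the post with mail wrapping
# removed; the 192.0.2.7 records are constructed (no route-drop line).
SAMPLE = """\
Mar 4 00:20:52 infiniti bastille-firewall: can't initialize iptables table `filter': Module is wrong version
Mar 4 06:00:39 infiniti portsentry[2441]: attackalert: TCP SYN/Normal scan from host: dsl-64148158174.internetconnect.net/64.148.158.174 to TCP port: 515
Mar 4 06:00:39 infiniti portsentry[2441]: attackalert: Host 64.148.158.174 has been blocked via wrappers with string: "ALL: 64.148.158.174"
Mar 4 06:00:39 infiniti portsentry[2441]: attackalert: Host 64.148.158.174 has been blocked via dropped route using command: "/sbin/iptables -A INPUT -s 64.148.158.174 -j DROP"
Mar 4 06:23:30 infiniti portsentry[2441]: attackalert: TCP SYN/Normal scan from host: 192.0.2.7/192.0.2.7 to TCP port: 22
Mar 4 06:23:30 infiniti portsentry[2441]: attackalert: Host 192.0.2.7 has been blocked via wrappers with string: "ALL: 192.0.2.7"
"""

SCAN = re.compile(r"attackalert: .+? scan from host: \S*/(\S+) to (TCP|UDP) port: (\d+)")
BLOCK = re.compile(r"attackalert: Host (\S+) has been blocked via (wrappers|dropped route)")
IPT_ERR = re.compile(r"can't initialize iptables table")

def entry(hosts, ip):
    """Get or create the per-host record."""
    return hosts.setdefault(ip, {"ports": set(), "wrappers": False, "route": False})

def summarize(text):
    """Return ({ip: {"ports", "wrappers", "route"}}, iptables_error_seen)."""
    hosts, ipt_error = {}, False
    for line in text.splitlines():
        if IPT_ERR.search(line):
            ipt_error = True
            continue
        m = SCAN.search(line)
        if m:
            ip, proto, port = m.groups()
            entry(hosts, ip)["ports"].add((proto, int(port)))
            continue
        m = BLOCK.search(line)
        if m:
            ip, how = m.groups()
            entry(hosts, ip)["wrappers" if how == "wrappers" else "route"] = True
    return hosts, ipt_error

def needs_check(hosts, ipt_error):
    """Hosts whose firewall block should be confirmed by hand: no route-drop
    was logged, or one was logged while iptables errors appear in the log."""
    return sorted(ip for ip, h in hosts.items() if ipt_error or not h["route"])

if __name__ == "__main__":
    found, broken = summarize(SAMPLE)
    for ip in needs_check(found, broken):
        print(ip, sorted(found[ip]["ports"]), "verify DROP rule")
```

Running `iptables -L INPUT -n` shows whether the DROP rules named in the log are actually present in the INPUT chain.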
