Matt: That's an interesting firewall log. Two quick questions spring to mind:
1. The source-IP is 192.0.1.11, the dest is 192.0.1.7, but this is coming in on the eth0 interface of your firewall. So... how is your LEAF firewall connected to your WinXP box? I'm presuming that 192.0.1.11 is the WinXP box, but I can't tell what LEAF's eth0 IP address is.

2. UDP port 1900 is Universal Plug&Pray (UPnP) not ssdp. The original releases of WinXP had a vulnerability with this service. But since the traffic is all local (192.0.1.x for both source and dest) I doubt it's an attack; it's probably just normal UPnP activity. Still, it'd help to know: which is your WinXP machine?

-Scott

> in /var/log/syslog i get the following error repeated three times every 25
> seconds:
>
> Aug 9 15:45:23 firewall kernel: Shorewall:all2all:REJECT:IN=eth0 OUT=
> MAC=00:04:76:e2:6c:6c:00:40:95:30:aa:71:08:00 SRC=192.0.1.11 DST=192.0.1.7
> LEN=160 TOS=0x00 PREC=0x00 TTL=128 ID=10522 PROTO=UDP SPT=1037 DPT=1900
> LEN=140
>
> a quick look on the TCP/IP common port listings suggests that this is due to
> ssdp. would that make sense? should i be authorizing a port on the firewall
> to allow XP to do this?

leaf-user mailing list: https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
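
Added example, not part of the original message and not LEAF or Shorewall code: a small parser for the log line quoted above that splits the MAC= field into its Ethernet header parts and checks whether SRC and DST sit on one subnet. The function names are hypothetical, and the /24 prefix length is an assumption, since the message does not give the netmask.

```python
import ipaddress
import re

# Log line quoted in the message above, rejoined onto one line.
LINE = ("Aug 9 15:45:23 firewall kernel: Shorewall:all2all:REJECT:IN=eth0 OUT= "
        "MAC=00:04:76:e2:6c:6c:00:40:95:30:aa:71:08:00 SRC=192.0.1.11 "
        "DST=192.0.1.7 LEN=160 TOS=0x00 PREC=0x00 TTL=128 ID=10522 PROTO=UDP "
        "SPT=1037 DPT=1900 LEN=140")

PREFIX = re.compile(r"Shorewall:(?P<chain>[^:]+):(?P<action>[^:]+):")
FIELD = re.compile(r"\b([A-Z]+)=(\S*)")


def parse_netfilter_line(line):
    """Return the chain, action and KEY=value fields of one log line."""
    m = PREFIX.search(line)
    if m is None:
        raise ValueError("no Shorewall log prefix found")
    rec = {"chain": m["chain"], "action": m["action"]}
    for key, value in FIELD.findall(line[m.end():]):
        # LEN appears twice (IP length, then UDP length); keep the first.
        rec.setdefault(key, value)
    return rec


def split_mac(mac_field):
    """Split the 14-byte Ethernet header: 6 dst + 6 src + 2 EtherType."""
    octets = mac_field.split(":")
    if len(octets) != 14:
        raise ValueError("expected a 14-byte Ethernet header")
    return ":".join(octets[:6]), ":".join(octets[6:12]), "".join(octets[12:])


def summarize(line, prefix_len=24):
    """prefix_len is an assumption; the message does not state the netmask."""
    rec = parse_netfilter_line(line)
    dst_mac, src_mac, ethertype = split_mac(rec["MAC"])
    net = ipaddress.ip_network(f"{rec['SRC']}/{prefix_len}", strict=False)
    return {
        "chain": rec["chain"], "action": rec["action"], "in_if": rec["IN"],
        "src": rec["SRC"], "dst": rec["DST"], "dport": int(rec["DPT"]),
        "src_mac": src_mac, "dst_mac": dst_mac, "ethertype": ethertype,
        "same_subnet": ipaddress.ip_address(rec["DST"]) in net,
        "forwarded": rec["OUT"] != "",  # empty OUT=: no outgoing interface
    }


if __name__ == "__main__":
    print(summarize(LINE))
```

For a unicast frame logged with an empty OUT=, dst_mac is the hardware address of the interface the frame was sent to, which can be compared against the firewall's own eth0 address.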