Can anyone tell me what this Shorewall log entry means? I get about fifty to sixty hits like this every day.
Mar 29 16:12:57 Gateway Shorewall:net2all:DROP: IN=eth0 OUT= MAC=00:20:af:38:31:c5:00:10:67:00:b5:6b:08:00 SRC=64.214.177.149 DST=209.233.16.123 LEN=48 TOS=00 PREC=0x00 TTL=111 ID=28282 DF PROTO=TCP SPT=3463 DPT=445 SEQ=3057110942 ACK=0 WINDOW=16384 SYN URGP=0
Interpreting log entries when given NO information about the system involved is always guesswork. Here I assume your setup is typical (for example, eth0 is the external interface, 209.233.16.123 is your IP address).
The traffic is TCP (PROTO=) to port 445 (DPT=). /etc/services says 445 is "microsoft-ds". A quick Google search on "microsoft-ds" turns up two things of interest.
1. "microsoft-ds" is associated with a Microsoft service called LanMan.
2. BugTraq reports a DoS attack associated with use of this port.
More analysis would require more Windows expertise than I possess, but perhaps someone else here knows enough to say more. If not, this should be enough to let you use Google productively to learn more.
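As an added example (not part of the original thread and not Shorewall's own code), the field-by-field reading described in the reply can be automated: this Python script splits a Shorewall log line into its KEY=value fields and bare flags, then counts drops per protocol and destination port. The first sample line is the entry quoted in the question; the other sample lines, their addresses and all function names are constructed for illustration.

```python
import re
import socket
from collections import Counter

# Shorewall log prefix as seen in the quoted entry: "Shorewall:<chain>:<disposition>:"
PREFIX = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<action>[^:\s]+):")

def parse_entry(line):
    """Return the fields of one Shorewall log line as a dict, or None if it is not one."""
    m = PREFIX.search(line)
    if not m:
        return None
    entry = {"chain": m.group("chain"), "action": m.group("action"), "flags": []}
    for token in line[m.end():].split():
        key, sep, value = token.partition("=")
        if sep:
            entry[key] = value           # KEY=value; the value may be empty (OUT=)
        else:
            entry["flags"].append(key)   # bare words such as DF or SYN
    return entry

def service_name(port, proto):
    """Resolve a port through the local services database; fall back to the number."""
    try:
        return socket.getservbyport(int(port), proto.lower())
    except (OSError, ValueError):
        return str(port)

def summarize(lines):
    """Count logged packets per (protocol, destination port); skip lines without DPT."""
    counts = Counter()
    for line in lines:
        e = parse_entry(line)
        if e and "DPT" in e:
            counts[(e.get("PROTO", "?"), int(e["DPT"]))] += 1
    return counts

SAMPLE = [
    # Entry quoted in the question above.
    "Mar 29 16:12:57 Gateway Shorewall:net2all:DROP: IN=eth0 OUT= MAC=00:20:af:38:31:c5:00:10:67:00:b5:6b:08:00 SRC=64.214.177.149 DST=209.233.16.123 LEN=48 TOS=00 PREC=0x00 TTL=111 ID=28282 DF PROTO=TCP SPT=3463 DPT=445 SEQ=3057110942 ACK=0 WINDOW=16384 SYN URGP=0",
    # Constructed samples (documentation address ranges).
    "Mar 29 16:20:01 Gateway Shorewall:net2all:DROP: IN=eth0 OUT= SRC=192.0.2.10 DST=198.51.100.5 LEN=84 TOS=00 PREC=0x00 TTL=50 ID=1 PROTO=ICMP TYPE=8 CODE=0 SEQ=1",
    "Mar 29 16:31:44 Gateway Shorewall:net2all:DROP: IN=eth0 OUT= SRC=192.0.2.77 DST=198.51.100.5 LEN=48 TOS=00 PREC=0x00 TTL=113 ID=411 DF PROTO=TCP SPT=1190 DPT=445 SEQ=1 ACK=0 WINDOW=16384 SYN URGP=0",
]

if __name__ == "__main__":
    for (proto, port), n in summarize(SAMPLE).most_common():
        print(f"{n:3d}  {proto}/{port}  ({service_name(port, proto)})")
```

In the quoted entry the flags list contains SYN and no ACK flag, which marks the packet as an inbound connection attempt that the net2all policy dropped.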
