>Dec 9 00:54:05 flem kernel: IP fw-in deny eth0 UDP 169.254.181.124:137
>169.254.255.255:137 L=96 S=0x00 I=24832 F=0x0000 T=128
Someone is doing a service scan for Samba on EVERY machine on the
169.254.x.x network. Thats a LOT of machines.
>The specified host (169.254.181.124:137) doesn't seem to reverse-resolve.
>Port 137 UDP is used by netbios.
It looks like that address was spoofed. Its a false address
>WHERE DO THEY COME FROM?
>Dec 9 00:54:05 flem kernel: IP fw-in deny eth0 UDP 169.254.181.124:137
>169.254.255.255:137 L=96 S=0x00 I=24832 F=0x0000 T=128
Well.. it came in from your ETH0 interface and its UDP. Since
the IP address is spoofed, only a SNIFFER would be able to tell you.
This is why you have a good firewall! :)
--David
.----------------------------------------------------------------------------.
| David A. Ranch - Linux/Networking/PC hardware [EMAIL PROTECTED] |
!---- ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]
