On Sunday 16 Feb 2003 11:18 pm, Kaj Haulrich wrote: > When doing a dmesg I get all the usual stuff, but lately a > new thing - at least to me - is showing up. The last > stanzas grow bigger and bigger and reads a lot like this : > > <snip> > Shorewall:net2all:DROP:IN=eth0 OUT= > MAC=00:50:ba:c6:65:6a:00:08:a4:cb:f0:38:08:00 > SRC=80.192.8.112 > DST=80.198.60.128 LEN=48 TOS=0x00 PREC=0x00 TTL=114 > ID=56266 DF PROTO=TCP SPT=3147 DPT=1214 > WINDOW=64240 RES=0x00 SYN URGP=0 > Shorewall:net2all:DROP:IN=eth0 OUT= > MAC=00:50:ba:c6:65:6a:00:08:a4:cb:f0:38:08:00 > SRC=217.235.136.240 DST=80.198.60.128 LEN=48 TOS=0x00 > PREC=0x00 TTL=117 ID=53207 DF PROTO=TCP > SPT=24207 DPT=1214 WINDOW=16384 RES=0x00 SYN URGP=0 > Shorewall:net2all:DROP:IN=eth0 OUT= > MAC=00:50:ba:c6:65:6a:00:08:a4:cb:f0:38:08:00 > SRC=217.235.136.240 DST=80.198.60.128 LEN=48 TOS=0x00 > PREC=0x00 TTL=117 ID=53220 DF PROTO=TCP > SPT=24207 DPT=1214 WINDOW=16384 RES=0x00 SYN URGP=0 > Shorewall:net2all:DROP:IN=eth0 OUT= > MAC=00:50:ba:c6:65:6a:00:08:a4:cb:f0:38:08:00 > SRC=217.235.136.240 DST=80.198.60.128 LEN=48 TOS=0x00 > PREC=0x00 TTL=117 ID=53257 DF PROTO=TCP > SPT=24207 DPT=1214 WINDOW=16384 RES=0x00 SYN URGP=0 > </snip> > > To me it seems like shorewall is stopping someone - > actually a lot - trying to do a portscan on me. Now, > when I do a *whois* on all those URL's it seems that I get > both decent ISP's as well as more clandestine ones. > > What's going on ? - Can someone decipher this ? > > TIA > > Kaj Haulrich.
So Kaj do you use Kazaa? The key in these records is to look at the Destination Port DPT=1214 and then just enter port 1214 into Google. The answer... Kazaa Not a port scan this time. But at least you know Shorewall is working. derek -- ---------------------------------- www.jennings.homelinux.net
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
