On Sunday 16 February 2003 11:06 pm, Derek Jennings wrote: > On Sunday 16 Feb 2003 11:18 pm, Kaj Haulrich wrote: > > When doing a dmesg I get all the usual stuff, but > > lately a new thing - at least to me - is showing up. > > The last stanzas grow bigger and bigger and reads a > > lot like this : > > > > <snip> > > Shorewall:net2all:DROP:IN=eth0 OUT= > > MAC=00:50:ba:c6:65:6a:00:08:a4:cb:f0:38:08:00 > > SRC=80.192.8.112 > > DST=80.198.60.128 LEN=48 TOS=0x00 PREC=0x00 TTL=114 > > ID=56266 DF PROTO=TCP SPT=3147 DPT=1214 > > WINDOW=64240 RES=0x00 SYN URGP=0 </snip> > > > > To me it seems like shorewall is stopping someone - > > actually a lot - trying to do a portscan on me. Now, > > when I do a *whois* on all those URL's it seems that I > > get both decent ISP's as well as more clandestine > > ones. > > > > What's going on ? - Can someone decipher this ? > > > > TIA > > > > Kaj Haulrich. > > So Kaj do you use Kazaa? > > The key in these records is to look at the Destination > Port DPT=1214 and then just enter port 1214 into Google. > The answer... Kazaa > Not a port scan this time. But at least you know > Shorewall is working. > > derek
Thanks Derek and Charlie ! No, I don't use Kazaa. I'll admit that I've installed gtk-gnutella and fetched a few Mozart.ogg's, but I assume that has nothing to do with Kazaa (right ?). I'm happy to know Shorewall is awake and working, though. But what's the general idea of those *attacks* ? - Maybe Charlie is right : it gives me the option of reporting abuse to the ISP's. - But will they comply ? Kaj Haulrich. =========================================== Powered by Linux - Mandrake 9.0 Registered Linux user # 214073 at http://counter.li.org Source : my 100 % Microsoft-free personal computer. ===========================================
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
