In article [EMAIL PROTECTED] you wrote:
Aug 12 04:36:53 towern kernel: |iptables -- IN=ppp0 OUT= MAC=
SRC=201.129.122.85 DST=12.65.24.43 LEN=48 TOS=0x00 PREC=0x00 TTL=115
ID=40023 DF PROTO=TCP SPT=4346 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
...
It all depends on whether you have
Incoming from Bernd Eckenfels:
In article [EMAIL PROTECTED] you wrote:
Aug 12 04:36:53 towern kernel: |iptables -- IN=ppp0 OUT= MAC=
SRC=201.129.122.85 DST=12.65.24.43 LEN=48 TOS=0x00 PREC=0x00 TTL=115
ID=40023 DF PROTO=TCP SPT=4346 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
...
In article [EMAIL PROTECTED] you wrote:
Well, you need to check if DST= is a local address, anyway.
Are you suggesting that I might see stuff in my logs that was destined
for a foreign IP? If so, that would make me an open mail relay, no?
If your system is a gateway, this is quite common.
On 14 Aug 2004, s. keeling wrote:
Incoming from Bernd Eckenfels:
In article [EMAIL PROTECTED] you wrote:
Aug 12 04:36:53 towern kernel: |iptables -- IN=ppp0 OUT= MAC=
SRC=201.129.122.85 DST=12.65.24.43 LEN=48 TOS=0x00 PREC=0x00 TTL=115
ID=40023 DF PROTO=TCP SPT=4346 DPT=445 WINDOW=16384
Phillip Hofmeister [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
It is saying a rule matched. Doesn't say what you did with the packet
though, just tells you about the packet. If you want to know what you
did with it you would need to include a log-prefix in your iptables
Incoming from Daniel Pittman:
On 14 Aug 2004, s. keeling wrote:
Are you suggesting that I might see stuff in my logs that was destined
for a foreign IP?
Not often, but occasionally, depending on how your ISP connects you to
the Internet. It is most common on a LAN or a cable setup.
Sorry for personnal posting. I've changed my keys recently under Gnus,
and it's hard to change old usage ;)
---BeginMessage---
Le 12643ième jour après Epoch,
Wanda Round écrivait:
After reading that I should look through /var/log/messages, I did
and found many lines like these:
Aug 12
Incoming from Wanda Round:
After reading that I should look through /var/log/messages, I did
and found many lines like these:
Aug 12 04:36:53 towern kernel: |iptables -- IN=ppp0 OUT= MAC=
SRC=201.129.122.85 DST=12.65.24.43 LEN=48 TOS=0x00 PREC=0x00 TTL=115
ID=40023 DF PROTO=TCP SPT=4346
Incoming from s. keeling:
Incoming from Wanda Round:
After reading that I should look through /var/log/messages, I did
and found many lines like these:
Aug 12 04:36:53 towern kernel: |iptables -- IN=ppp0 OUT= MAC=
SRC=201.129.122.85 DST=12.65.24.43 LEN=48 TOS=0x00 PREC=0x00 TTL=115
Hi
What those lines is saying is that on your ppp0 interface (your dialup)
you got a SYN packet from 201.129.122.85 (SRC) to 12.65.24.43 (DST) sent
from port 4346 (SPT) to port 445 (DPT).
SYN packages is sent to establish a connection.
Port 445 is listed as microsoft-ds (Microsoft Naked CIFS)
On Fri, 13 Aug 2004 at 08:13:21AM -0700, Wanda Round wrote:
After reading that I should look through /var/log/messages, I did
and found many lines like these:
Aug 12 04:36:53 towern kernel: |iptables -- IN=ppp0 OUT= MAC=
SRC=201.129.122.85 DST=12.65.24.43 LEN=48 TOS=0x00 PREC=0x00 TTL=115
Le 12643ième jour après Epoch,
s. keeling écrivait:
Incoming from Wanda Round:
After reading that I should look through /var/log/messages, I did
and found many lines like these:
Aug 12 04:36:53 towern kernel: |iptables -- IN=ppp0 OUT= MAC=
SRC=201.129.122.85 DST=12.65.24.43 LEN=48
s. keeling [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
Incoming from Wanda Round:
After reading that I should look through /var/log/messages, I did
and found many lines like these:
Aug 12 04:36:53 towern kernel: |iptables -- IN=ppp0 OUT= MAC=
SRC=201.129.122.85
Incoming from Wanda Round:
s. keeling [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED]...
Incoming from Wanda Round:
Aug 12 04:36:53 towern kernel: |iptables -- IN=ppp0 OUT= MAC=
SRC=201.129.122.85 DST=12.65.24.43 LEN=48 TOS=0x00 PREC=0x00 TTL=115
ID=40023 DF PROTO=TCP
14 matches
Mail list logo