Mariano Kamp
2002-Nov-03 12:29 UTC
[Shorewall-users] What is all that traffic on my machine?
Hi,

I am wondering why there are so many entries in my messages file complaining about rejects and drops? Without limiting the number of warning messages in shorewall.conf I get constantly output saying that packages have been rejected like the one below:

Nov 3 14:44:58 rock kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=80.132.21.112 DST=<MY_DYNAMIC_IP> LEN=60 TOS=0x00 PREC=0x00 TTL=55 ID=6167 DF PROTO=TCP SPT=45274 DPT=4662 WINDOW=5840 RES=0x00 SYN URGP=0

rock:/x2/home/mkamp# nslookup 80.132.21.112
[..]
112.21.132.80.in-addr.arpa name = p50841570.dip.t-dialin.net.

The dip.t-dialin.net is likely T-Online, the biggest ISP in Germany .. So I guess these are script kiddies scanning my machine?

Cheers,
Mariano
Tom Eastep
2002-Nov-03 13:55 UTC
[Shorewall-users] What is all that traffic on my machine?
--On Sunday, November 03, 2002 01:29:40 PM +0100 Mariano Kamp <mkamp@gmx.de> wrote:

> Hi,
>
> I am wondering why there are so many entries in my messages file
> complaining about rejects and drops? Without limiting the number of
> warning messages in shorewall.conf I get constantly output saying that
> packages have been rejected like the one below:
>
>
> Nov 3 14:44:58 rock kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC=
> SRC=80.132.21.112 DST=<MY_DYNAMIC_IP> LEN=60 TOS=0x00
> PREC=0x00 TTL=55 ID=6167 DF PROTO=TCP SPT=45274 DPT=4662 WINDOW=5840
> RES=0x00 SYN URGP=0
>
> rock:/x2/home/mkamp# nslookup 80.132.21.112
> [..]
> 112.21.132.80.in-addr.arpa name = p50841570.dip.t-dialin.net.
>
>
> The dip.t-dialin.net is likely T-Online the biggest ISP in Germany ..
> So I guess these are script kiddies scanning my machine?
>

Probably...

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
Joerg Plate
2002-Nov-03 15:44 UTC
[Shorewall-users] What is all that traffic on my machine?
> DPT=4662

eDonkey file sharing service...

> The dip.t-dialin.net is likely T-Online

It is T-Online. Most likely DSL...

--
"I'm working on it."
<http://Patterner.de>
Tom Eastep
2002-Nov-03 17:19 UTC
[Shorewall-users] What is all that traffic on my machine?
--On Sunday, November 03, 2002 04:44:42 PM +0100 Joerg Plate <plate@psyche.kn-bremen.de> wrote:

>
>> DPT=4662
> eDonkey file sharing service...
>
>> The dip.t-dialin.net is likely T-Online
> It is T-Online. Most likely DSL...
>

If you want to get rid of the messages generated from these probes, add this in your /etc/shorewall/rules file:

DROP net fw tcp 4662

-Tom
--
Tom Eastep \ Shorewall - iptables made easy
AIM: tmeastep \ http://www.shorewall.net
ICQ: #60745924 \ teastep@shorewall.net
Mariano Kamp
2002-Nov-03 18:33 UTC
[Shorewall-users] What is all that traffic on my machine?
thx. I'll do that.

Mariano

On Sun, 2002-11-03 at 18:19, Tom Eastep wrote:
>
>
> --On Sunday, November 03, 2002 04:44:42 PM +0100 Joerg Plate
> <plate@psyche.kn-bremen.de> wrote:
>
> >
> >> DPT=4662
> > eDonkey file sharing service...
> >
> >> The dip.t-dialin.net is likely T-Online
> > It is T-Online. Most likely DSL...
> >
>
> If you want to get rid of the messages generated from these probes, add
> this in your /etc/shorewall/rules file:
>
> DROP net fw tcp 4662
>
> -Tom
> --
> Tom Eastep \ Shorewall - iptables made easy
> AIM: tmeastep \ http://www.shorewall.net
> ICQ: #60745924 \ teastep@shorewall.net
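Added example, not part of the original thread and not Shorewall's own code: a small Python triage script that parses log lines in the format quoted above, counts dropped packets per destination port and distinct source, and prints a rule in the `DROP net fw tcp 4662` form for ports probed by many unrelated hosts. The sample log lines are constructed, the function names and the `min_sources` threshold are assumptions, and the zone names `net` and `fw` are taken from the thread.

```python
import re
from collections import defaultdict

# Constructed sample in the log format quoted in the thread. Addresses are
# documentation ranges (RFC 5737), not real hosts.
SAMPLE_LOG = """\
Nov  3 14:44:58 rock kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TTL=55 DF PROTO=TCP SPT=45274 DPT=4662 SYN URGP=0
Nov  3 14:45:01 rock kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=192.0.2.10 DST=203.0.113.5 LEN=60 TTL=55 DF PROTO=TCP SPT=45274 DPT=4662 SYN URGP=0
Nov  3 14:45:07 rock kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=198.51.100.7 DST=203.0.113.5 LEN=48 TTL=112 DF PROTO=TCP SPT=3120 DPT=4662 SYN URGP=0
Nov  3 14:45:30 rock kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=198.51.100.99 DST=203.0.113.5 LEN=48 TTL=110 DF PROTO=TCP SPT=1881 DPT=4662 SYN URGP=0
Nov  3 14:46:12 rock kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=192.0.2.200 DST=203.0.113.5 LEN=60 TTL=50 DF PROTO=TCP SPT=51010 DPT=22 SYN URGP=0
Nov  3 14:46:40 rock kernel: Shorewall:net2all:DROP:IN=ppp0 OUT= MAC= SRC=192.0.2.201 DST=203.0.113.5 LEN=84 TTL=52 PROTO=ICMP TYPE=8 CODE=0 ID=1 SEQ=1
Nov  3 14:47:00 rock pppd[412]: constructed non-firewall line
"""

LOG_RE = re.compile(r"Shorewall:(?P<chain>[^:\s]+):(?P<action>[A-Z]+):(?P<fields>.*)$")

def parse_line(line):
    """Return a dict of fields for a Shorewall log line, or None."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = {"chain": m["chain"], "action": m["action"]}
    for token in m["fields"].split():
        key, sep, value = token.partition("=")
        rec[key] = value if sep else True  # bare tokens (DF, SYN) are flags
    return rec

def noisy_ports(lines, min_sources=3):
    """(proto, port, packets, distinct sources) for ports many hosts probe."""
    hits = defaultdict(lambda: [0, set()])
    for rec in filter(None, map(parse_line, lines)):
        if rec["action"] not in ("DROP", "REJECT") or "DPT" not in rec:
            continue  # ICMP and similar carry no destination port
        entry = hits[(rec.get("PROTO", "?").lower(), int(rec["DPT"]))]
        entry[0] += 1
        entry[1].add(rec.get("SRC"))
    rows = [(p, port, n, len(srcs)) for (p, port), (n, srcs) in hits.items()]
    return sorted(r for r in rows if r[3] >= min_sources)

def suggest_rules(lines, min_sources=3):
    """Rules in the form given in the thread, for /etc/shorewall/rules."""
    return [f"DROP net fw {p} {port}" for p, port, _, _ in noisy_ports(lines, min_sources)]

if __name__ == "__main__":
    for row in noisy_ports(SAMPLE_LOG.splitlines()):
        print(row)
    print("\n".join(suggest_rules(SAMPLE_LOG.splitlines())))
```

Ports hit by only one or two sources are left out of the suggestions on purpose, so their log entries stay visible for review instead of being silenced.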