Shorewall users - May 2007 - Log questions

Hello,
   
      Can anyone tell me my shorewall is get hacked ? or local Lan computers
  got Virus ? please see the following log.
   
  http://www.wilson-kwok.com/shorewall.txt
   
  Please help 

       
---------------------------------
現在你可輕易阻擋垃圾郵件，立即使用Yahoo! Mail  你就會相信!

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

On Mon, May 28, 2007 at 09:55:32AM +0800, Wilson Kwok
wrote:
> Hello,
>    
>       Can anyone tell me my shorewall is get hacked ? or local Lan
computers
>   got Virus ? please see the following log.
>    
>   http://www.wilson-kwok.com/shorewall.txt
>    
>   Please help 
Do you have a windows machine on your network?  Port 137 is the netbios
port.  It could just be searching for other windows machines on your
network.

Regards,

-Roberto
-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com


-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

Yes, we have many Windows machine on local lan, you can see the log said
  many local lan IP using port 137 to boradcast (192.168.0.255) , so that
  shorewall receive the boardcast message is correctly ?
   
   
  Thanks
  

Roberto C. S嫕chez <roberto@connexer.com> 說：
  On Mon, May 28, 2007 at 09:55:32AM +0800, Wilson Kwok
wrote:
> Hello,
> 
> Can anyone tell me my shorewall is get hacked ? or local Lan computers
> got Virus ? please see the following log.
> 
> http://www.wilson-kwok.com/shorewall.txt
> 
> Please help 
Do you have a windows machine on your network? Port 137 is the netbios
port. It could just be searching for other windows machines on your
network.

Regards,

-Roberto
-- 
Roberto C. S嫕chez
http://people.connexer.com/~roberto
http://www.connexer.com
-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users


 	      
---------------------------------
現在你可輕易阻擋垃圾郵件，立即使用Yahoo! Mail  你就會相信!

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

Wilson Kwok wrote:
>Yes, we have many Windows machine on local lan, you can see the log said
>many local lan IP using port 137 to boradcast (192.168.0.255) , so that
>shorewall receive the boardcast message is correctly ?
Yes, all those messages
DST=192.168.0.255 ... PROTO=UDP SPT=137 DPT=137
(and the port 138 packets) are just the Microsoft NetBIOS stuff 
working out what is on the network. In short, all the machines 
broadcast messages, work out ''who else is out there'', and hold
an
election to decide who is going to be the ''browse master'' for
a
workgroup. When you go into ''Network Neighbourhood'', your
machine
gets a list of other machines from the browse masters for each 
workgroup on the network.

Yes, as you can see, it involves a lot of broadcast traffic !

I similar thing happens with mDNS (Multicast DNS, aka ZeroConf, aka 
Bonjour or Rendevous in the Apple world) on port 5353 for ''more 
modern'' networking.


There is also some DHCP traffic (port 67 & 68).


I''m not sure what ports 1124 and 1357 are, but from what I have found 
on the net I don''t think they are anything to be worried about.

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/