Good Deal. <Paranoid mode off> I was wondering why I could not traceroute
back to that machine. A private network would explain it. I guess they
could have rewritten the packet. ???
Out of curiosity... Why does xinetd have to restart for a request?
-----Original Message-----
From: Gordon Rowell [mailto:[EMAIL PROTECTED]]
Sent: Sunday, February 04, 2001 10:32 AM
To: Daniel C. Slagle
Cc: [EMAIL PROTECTED]
Subject: Re: [e-smith-devinfo] NetBios / Firewall Issues (RC2)
On Sun, Feb 04, 2001 at 07:32:41AM -0500, "Daniel C. Slagle"
<[EMAIL PROTECTED]> wrote:
> I have not changed anything in the smb.conf and have made sure that 'bind
> interfaces only' is set to 'yes'. (I figured it was) The "firewall" is in
> its default setup also.
All of the logs below look good to me - the packet filter is blocking
things you don't want :-)
> Snippets from log
> --
> Feb 4 06:44:00 pluto kernel: Packet log: denylog DENY eth1 PROTO=17
> 63.121.32.216:137 63.237.78.36:137 L=78 S=0x00 I=6308 F=0x0000 T=114 (#1)
> --
> Feb 3 18:21:11 danslagle kernel: Packet log: denylog DENY eth1 PROTO=17
> 172.16.0.15:137 63.248.85.245:137 L=78 S=0x00 I=41324 F=0x0000 T=116 (#1)
Random netbios junk on the Internet. We should probably have a fragment to
silently ignore this. The second one is interesting - it's from an RFC1918
address...
> Others
> --
> Feb 3 20:27:30 danslagle kernel: Packet log: denylog DENY eth1 PROTO=6
> 64.56.207.76:4124 63.248.85.245:111 L=60 S=0x00 I=38743 F=0x4000 T=53 SYN
> (#1)
Scan for RPC portmapper.
> Feb 2 21:30:10 danslagle kernel: Packet log: denylog DENY eth1 PROTO=6
> 63.228.91.89:3771 63.248.85.245:515 L=60 S=0x00 I=18390 F=0x4000 T=50 SYN
> (#1)
Scan for printer service.
> Feb 2 17:48:35 danslagle kernel: Packet log: denylog DENY eth1 PROTO=6
> 209.98.64.151:15372 63.248.85.245:111 L=60 S=0x00 I=11051 F=0x4000 T=50 SYN
> (#1)
And again for the portmapper.
> Could someone explain this one?
> Feb 3 08:51:18 danslagle xinetd[541]: START: auth pid=1960
> from=208.31.42.77
Probably an auth request from a site to which you sent mail.
Gordon
--
Gordon Rowell [EMAIL PROTECTED]
http://www.e-smith.org (development) http://www.e-smith.com (corporate)
Phone: +1 (613) 564 8000 ext. 4378 Fax: +1 (613) 564 7739
e-smith, inc. 1500-150 Metcalfe St, Ottawa, ON K2P 1P1 Canada
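
Added example, not part of the thread or of e-smith's code: a small parser for the "Packet log" lines quoted above that labels each denied packet the way the reply does and picks out RFC1918 source addresses arriving on the outside interface. It assumes eth1 is the external interface, as the logs suggest; the names `parse` and `summarize` and the service labels are illustrative.

```python
import ipaddress
import re
from collections import Counter

# Field layout of the ipchains "Packet log" lines quoted in the thread.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r".*?T=(?P<ttl>\d+)(?P<syn> SYN)? \(#(?P<rule>\d+)\)"
)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# (IP protocol, destination port) -> label, following the reply's reading.
SERVICES = {(17, 137): "netbios-ns", (6, 111): "portmapper", (6, 515): "printer"}
# Log lines taken from the thread, rejoined onto single lines.
SAMPLE = [
    "Feb 4 06:44:00 pluto kernel: Packet log: denylog DENY eth1 PROTO=17 "
    "63.121.32.216:137 63.237.78.36:137 L=78 S=0x00 I=6308 F=0x0000 T=114 (#1)",
    "Feb 3 18:21:11 danslagle kernel: Packet log: denylog DENY eth1 PROTO=17 "
    "172.16.0.15:137 63.248.85.245:137 L=78 S=0x00 I=41324 F=0x0000 T=116 (#1)",
    "Feb 3 20:27:30 danslagle kernel: Packet log: denylog DENY eth1 PROTO=6 "
    "64.56.207.76:4124 63.248.85.245:111 L=60 S=0x00 I=38743 F=0x4000 T=53 SYN (#1)",
    "Feb 2 21:30:10 danslagle kernel: Packet log: denylog DENY eth1 PROTO=6 "
    "63.228.91.89:3771 63.248.85.245:515 L=60 S=0x00 I=18390 F=0x4000 T=50 SYN (#1)",
]

def parse(line):
    """Return the fields of one packet-log line, or None if it is not one."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    proto, dport = int(m["proto"]), int(m["dport"])
    src = ipaddress.ip_address(m["src"])
    return {
        "action": m["action"], "iface": m["iface"], "src": str(src),
        "dst": m["dst"], "proto": proto, "dport": dport,
        "syn": m["syn"] is not None,
        "service": SERVICES.get((proto, dport), "other"),
        "rfc1918_src": any(src in net for net in RFC1918),
    }

def summarize(lines, external_iface="eth1"):
    """Count denied packets per service; list private sources seen outside."""
    hits = [p for p in map(parse, lines) if p and p["action"] == "DENY"]
    per_service = Counter(p["service"] for p in hits)
    private_srcs = [p["src"] for p in hits
                    if p["rfc1918_src"] and p["iface"] == external_iface]
    return per_service, private_srcs
```

Calling `summarize(SAMPLE)` returns the per-service counts together with the one private source address, 172.16.0.15, that the reply singles out.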