-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday 04 September 2001 09:48 pm, Eduardo P. Román O. wrote: > This appear a lot of time in my log; > Sep 2 02:35:32 myhost kernel: Packet log: input DENY eth1 PROTO=17 > XX.XX.XX.XX:50255 YY.YY.YY.YY:53 L=72 S=0x00 I=31582 F=0x4000 T=64 > (#1) > > where XX.XX.XX.XX is an know IP and YY.YY.YY.YY is my hosts IP. > > How know what happenend ???? Someone is trying to talk to/crack TCP/IP port 53 (DNS) on your box. Firewall code (IPtables for kernel 2.4 or ipchains for 2.2) has given the kernel a rule to block (DENY) this port. (More likely, the ruleset is: allow only certain ports, and DENY the rest.) $ grep " 53\/" /etc/services domain 53/tcp Domain Name Server domain 53/udp Domain Name Server - -- Tue Sep 4 22:49:51 2001 Seq. Timestamp Uptime - ---- ------------------------ ------------ 1: Mon Jul 16 16:28:17 2001 - 43 07:21:59 - 2.4.6-3mdk 2: Thu May 17 01:44:04 2001 - 35 15:31:51 - 2.4.3-20mdk 3: Thu Jun 21 17:33:18 2001 - 10 05:29:02 - 2.4.3-20mdk 9: Mon Sep 3 21:34:47 2001 - 1 01:15:04 - 2.4.9 <<-- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7laIGjTz5dS9Us5wRAgL0AJ4i8jj3RRF9hObpbS5N/fvRKJ28CACfWdCj fm2wAVuA13NnUXL7k4yCoC0= =pI2J -----END PGP SIGNATURE-----
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
