Hiya, well, looking at the port numbers 137 & 138, if I remember right those are NetBIOS ports. Are you running SAMBA on your network? Anyway, if you turn off those two ports on outgoing packets that should stop the other company accusing you of hacking. But if the other co had a real sys admin person they would know that anyway. HTH

Eduardo Bencomo wrote:
>
> We are in a mixed network, which includes a Cisco router, a 3COM
> switch common to the two networks and a hub where the gateway/firewall
> Linux computer is connected.
>
> One of the networks is my company network (192.168.X.X / 255.255.0.0. I
> am in charge of it) and the other network belongs to another company
> (10.10.X.X / 255.255.0.0). This company has a VPN. Now, they are
> accusing me of being a hacker, alleging we have tried to go into their VPN. As
> proof of that, they are showing the following type of message:
>
> Oct 21 04:09:49 localhost kernel: Packet log: input REJECT eth0 PROTO=6 213.107.153.72:4512 216.72.44.186:27374 L=48 S=0x00 I=24273 F=0x4000 T=109 SYN (#70)
>
> Oct 21 04:09:55 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.185:138 192.168.255.255:138 L=229 S=0x00 I=43989 F=0x000 T=128 (#71)
>
> Oct 21 04:10:01 localhost kernel: Packet log: input REJECT eth0 PROTO=6 213.107.153.72:4512 216.72.44.186:27374 L=48 S=0x00 I=24273 F=0x4000 T=109 SYN (#70)
>
> Oct 21 04:10:08 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.138:137 192.168.255.255:137 L=78 S=0x00 I=49285 F=0x000 T=32 (#71)
>
> Oct 21 04:10:16 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.20:138 192.168.2.255:138 L=238 S=0x00 I=56451 F=0x000 T=32 (#71)
>
> Oct 21 04:10:20 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.5:138 192.168.2.255:138 L=234 S=0x00 I=39272 F=0x000 T=128 (#71)
>
> Oct 21 04:11:08 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.5:137 192.168.2.255:138 L=78 S=0x00 I=39528 F=0x000 T=128 (#71)
>
> Oct 21 04:12:00 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.100:138 192.168.255.255:138 L=241 S=0x00 I=31461 F=0x000 T=128 (#71)
>
> Oct 21 04:14:04 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.172:137 192.168.255.255:137 L=78 S=0x00 I=50473 F=0x000 T=32 (#71)
>
> They have as many as 40 pages of this type of message, presenting
> this "deny" access as the evidence we have tried to penetrate their
> network.
>
> Since we are not interested in going into that VPN, nor have we tried
> to do it, please help me find a technical explanation for the
> "evidence" they have shown.
>
> Thanks.

--
Richard Bown
Ericsson Microwave Systems AB
SE-431 84 Mölndal
e-mail [EMAIL PROTECTED]
tel +46 31 74 72422
mobile +46 7098 72422
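
Added example, not part of the original messages: a small Python parser for the ipchains "Packet log" entries quoted above that separates UDP 137/138 traffic sent to a subnet broadcast address from everything else, so 40 pages of such entries can be tallied by type. The 192.168.0.0/16 network and the sample entries come from the post; the function names, the labels and the /16-or-/24 broadcast check are assumptions made for this illustration.

```python
import ipaddress
import re
from collections import Counter

# Fields of an ipchains "Packet log" entry, as seen in the quoted log.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)")
NETBIOS_UDP = {137, 138}                             # the two ports named in the reply
LOCAL_NET = ipaddress.ip_network("192.168.0.0/16")   # poster's network, from the post

def is_subnet_broadcast(src, dst):
    # Assumption: senders use a /16 (the stated mask) or a /24 broadcast address.
    return any(dst == ipaddress.ip_network(f"{src}/{p}", strict=False).broadcast_address
               for p in (16, 24))

def classify(line):
    """Return a label for one log line, or None if it is not a parsable entry."""
    m = LOG_RE.search(line)
    if not m:
        return None
    try:
        src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
    except ValueError:          # digits and dots that are not a valid IPv4 address
        return None
    if src not in LOCAL_NET:
        return "source-outside-local-net"
    if (int(m["proto"]) == 17 and int(m["dport"]) in NETBIOS_UDP
            and is_subnet_broadcast(src, dst)):
        return "netbios-broadcast"
    return "other-local"

def summarize(lines):
    """Count labels over many lines, skipping anything that does not parse."""
    return Counter(label for label in map(classify, lines) if label)

# Entries copied from the log quoted in the thread, each rejoined onto one line.
SAMPLE = [
    "Oct 21 04:09:49 localhost kernel: Packet log: input REJECT eth0 PROTO=6 213.107.153.72:4512 216.72.44.186:27374 L=48 S=0x00 I=24273 F=0x4000 T=109 SYN (#70)",
    "Oct 21 04:09:55 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.185:138 192.168.255.255:138 L=229 S=0x00 I=43989 F=0x000 T=128 (#71)",
    "Oct 21 04:10:16 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.20:138 192.168.2.255:138 L=238 S=0x00 I=56451 F=0x000 T=32 (#71)",
    "Oct 21 04:11:08 localhost kernel: Packet log: input DENY eth0 PROTO=17 192.168.2.5:137 192.168.2.255:138 L=78 S=0x00 I=39528 F=0x000 T=128 (#71)",
]

if __name__ == "__main__":
    for label, count in summarize(SAMPLE).items():
        print(f"{count:3d}  {label}")
```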