You are the man. Thank you. FYI, Bering is version rc-2.

thanks - matt

-----Original Message-----
From: Tom Eastep [mailto:[EMAIL PROTECTED]]
Sent: Monday, August 12, 2002 10:04 AM
To: Matt Russell
Cc: [EMAIL PROTECTED]
Subject: Re: [leaf-user] Windows XP attacking my firewall?

On Mon, 12 Aug 2002, Matt Russell wrote:

> in /var/log/syslog i get the following error repeated three times every 25
> seconds:
>
> Aug 9 15:45:23 firewall kernel: Shorewall:all2all:REJECT:IN=eth0 OUT=
> MAC=00:04:76:e2:6c:6c:00:40:95:30:aa:71:08:00 SRC=192.0.1.11 DST=192.0.1.7
> LEN=160 TOS=0x00 PREC=0x00 TTL=128 ID=10522 PROTO=UDP SPT=1037 DPT=1900
> LEN=140
>
> a quick look on the TCP/IP common port listings suggests that this is due to
> ssdp. would that make sense? should i be authorizing a port on the firewall
> to allow XP to do this?
>

This is UPNP -- you must have an old version of Shorewall as later versions
had an entry for this in the common.def file. You can kill these by
creating /etc/shorewall/common (if that file isn't there already) and add
the following to it:

        run_iptables -A common -p UDP --dport 1900 -j DROP

Or upgrade your Shorewall.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
AIM: tmeastep  \ http://www.shorewall.net
ICQ: #60745924  \ [EMAIL PROTECTED]

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
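
An added example, not part of the original thread: before silencing these entries with the DROP rule above, a small parser can confirm that the rejected packets really are only SSDP (UDP port 1900) from the LAN host. It handles the duplicate LEN field (IP length, then UDP length) and the empty OUT= value seen in the thread's log line; the function names and the second and third sample lines are constructed for illustration.

```python
import re
from collections import Counter

# First line is the entry quoted in the thread (rejoined); the other two are constructed.
SAMPLE_LOG = """\
Aug 9 15:45:23 firewall kernel: Shorewall:all2all:REJECT:IN=eth0 OUT= MAC=00:04:76:e2:6c:6c:00:40:95:30:aa:71:08:00 SRC=192.0.1.11 DST=192.0.1.7 LEN=160 TOS=0x00 PREC=0x00 TTL=128 ID=10522 PROTO=UDP SPT=1037 DPT=1900 LEN=140
Aug 9 15:45:48 firewall kernel: Shorewall:all2all:REJECT:IN=eth0 OUT= SRC=192.0.1.11 DST=192.0.1.7 LEN=160 TOS=0x00 PREC=0x00 TTL=128 ID=10530 PROTO=UDP SPT=1037 DPT=1900 LEN=140
Aug 9 15:46:02 firewall kernel: Shorewall:net2all:DROP:IN=eth1 OUT= SRC=198.51.100.9 DST=192.0.2.1 LEN=48 TOS=0x00 PREC=0x00 TTL=110 ID=4411 PROTO=TCP SPT=3312 DPT=445 WINDOW=8192 SYN
"""

# Shorewall's log prefix is "Shorewall:<chain>:<disposition>:" followed by netfilter fields.
PREFIX = re.compile(
    r"kernel: Shorewall:(?P<chain>[^:]+):(?P<disposition>[^:]+):(?P<fields>.*)$"
)


def parse_line(line):
    """Return a dict of fields for one Shorewall log line, or None if it is not one."""
    m = PREFIX.search(line)
    if not m:
        return None
    rec = {"chain": m["chain"], "disposition": m["disposition"]}
    for token in m["fields"].split():
        key, sep, value = token.partition("=")
        if not sep:
            rec.setdefault("flags", []).append(key)  # bare TCP flags such as SYN
        elif key == "LEN" and "LEN" in rec:
            rec["L4_LEN"] = value  # second LEN is the UDP length, not the IP length
        else:
            rec[key] = value  # empty values (OUT=) are kept as ""
    return rec


def ssdp_noise(log_text):
    """Count logged UDP/1900 packets per (source, destination, chain, disposition)."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec.get("PROTO") == "UDP" and rec.get("DPT") == "1900":
            hits[(rec["SRC"], rec["DST"], rec["chain"], rec["disposition"])] += 1
    return hits


if __name__ == "__main__":
    for (src, dst, chain, disp), n in ssdp_noise(SAMPLE_LOG).items():
        print(f"{src} -> {dst} udp/1900 (SSDP/UPnP) {disp} in {chain}: {n} packets")
```

Any UDP/1900 source that is not an expected LAN host deserves a look before the rule hides it from the log.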