I have the following in my log file.

Feb  2 03:37:23 weisktsv03 kernel: Packet log: input DENY eth0 PROTO=6 202.64.65.202:1619 24.68.176.193:98 L=60 S=0x00 I=41281 F=0x4000 T=45 SYN (#12)
Feb  2 03:37:26 weisktsv03 kernel: Packet log: input DENY eth0 PROTO=6 202.64.65.202:1619 24.68.176.193:98 L=60 S=0x00 I=42927 F=0x4000 T=44 SYN (#12)

It looks like this machine was trying to connect to Linuxconf.  Is someone
knocking on the door?

I also found:

Feb  2 07:34:04 weisktsv03 kernel: Packet log: input DENY eth0 PROTO=6 212.205.59.145:3734 24.68.176.193:27374 L=48 S=0x00 I=32569 F=0x4000 T=118 SYN (#12)

What's this guy up to?


Feb  2 08:02:01 weisktsv03 kernel: Packet log: input DENY eth0 PROTO=17 207.195.38.51:137 24.68.176.193:137 L=78 S=0x00 I=2037 F=0x0000 T=118 (#12)

204.195.38.51 is SASK1, is this a SaskTel server?  Is someone getting cute
and trying to determine my server type?

Feb  2 08:46:58 weisktsv03 kernel: Packet log: input DENY eth1 PROTO=17 204.112.20.157:14247 255.255.255.255:14247 L=34 S=0x00 I=17931 F=0x0000 T=125 (#12)

I don't know what these ports are for.

Feb  2 08:49:15 weisktsv03 kernel: Packet log: input DENY eth0 PROTO=17 198.163.176.3:996 24.68.176.193:1024 L=104 S=0x00 I=18530 F=0x0000 T=121 (#12)

996 is the XTree license server.  What the heck is that?  Why is it trying
to connect to reserved port 1024?

Feb  2 08:51:10 weisktsv03 kernel: Packet log: input DENY eth1 PROTO=17 0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=256 F=0x0000 T=32 (#12)

What's going on here?  Who is looking for a BOOTP server?  Is this something
to worry about?

I invite your comments.  Is there anything suspicious going on here?
Cheers,
Rob



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
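
Added example, not part of the original post: a small Python parser for the ipchains "Packet log:" entries quoted above. It rejoins entries that the e-mail wrapped across lines, skips commentary between them, and counts denied packets per source, protocol and destination port. The function and field names are chosen for this example; the sample entries are copied from the post.

```python
import re
from collections import Counter

# Entries copied from the post, wrapped as in the e-mail, with a comment between.
SAMPLE = """\
Feb  2 03:37:23 weisktsv03 kernel: Packet log: input DENY eth0 PROTO=6
202.64.65.202:1619 24.68.176.193:98 L=60 S=0x00 I=41281 F=0x4000 T=45 SYN
(#12)
Feb  2 03:37:26 weisktsv03 kernel: Packet log: input DENY eth0 PROTO=6
202.64.65.202:1619 24.68.176.193:98 L=60 S=0x00 I=42927 F=0x4000 T=44 SYN
(#12)
What's going on here?
Feb  2 08:51:10 weisktsv03 kernel: Packet log: input DENY eth1 PROTO=17
0.0.0.0:68 255.255.255.255:67 L=328 S=0x00 I=256 F=0x0000 T=32 (#12)
"""

PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}  # IANA protocol numbers

# L=length, S=type of service, I=IP ID, F=fragment flags/offset, T=TTL,
# optional SYN marker, (#N)=number of the rule that matched.
ENTRY = re.compile(
    r"(?P<ts>\w{3} \d+ [\d:]{8}) (?P<host>\S+) kernel: Packet log: "
    r"(?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ipid>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?P<syn> SYN)? \(#(?P<rule>\d+)\)"
)
INT_FIELDS = ("proto", "sport", "dport", "length", "ipid", "ttl", "rule")

def parse(raw):
    """Return one dict per ipchains packet-log entry found in raw text."""
    flat = " ".join(raw.split())  # undo line wrapping, collapse runs of spaces
    entries = []
    for m in ENTRY.finditer(flat):
        e = m.groupdict()
        for k in INT_FIELDS:
            e[k] = int(e[k])
        e["syn"] = e["syn"] is not None  # True for a TCP connection attempt
        e["proto_name"] = PROTO_NAMES.get(e["proto"], str(e["proto"]))
        e["broadcast"] = e["dst"] == "255.255.255.255"
        entries.append(e)
    return entries

def summarize(entries):
    """Count denied packets per (source, protocol, destination port)."""
    return Counter((e["src"], e["proto_name"], e["dport"]) for e in entries)

if __name__ == "__main__":
    for (src, proto, dport), n in summarize(parse(SAMPLE)).most_common():
        print(f"{n:3d}  {src:15s} -> {proto}/{dport}")
```
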
