I'm used to all this scanning activity ... but it seems to have massively increased the last time: if I connect now to the Internet I can bet that in about the next 60 seconds /var/log/messages is showing the first scanner attempts ...
by far the overwhelming part of these scanning activities (or whatever it is ..) try to connect to port 137 on my machine .. and I understand from http://www.dshield.org/port_report.php?port=137&Submit= that most of these activities is harmless ... but when they explain here: http://www.dshield.org/ports/port137.html that "Windows has the habit of "probing" port 137" I can't relate this to the scanning activities against my machine, because the WWW. pages I try to access seem to be different from the machine that probe me .. So what is this "Windows probing port 137" thing .. does this mean every Windows home user machine on WWW probes other machines it thinks are part of its LAN or so? Darkness ... :) In anticipation thanks for some light ... Wolfgang Excerpt from my /var/log/messages: ######################################## Oct 27 18:47:32 <machine name> kernel: Packet log: input DENY ppp0 PROTO=17 64.132.240.103:1025 80.138.166.77:137 L=78 S=0x00 I=29395 F=0x0000 T=116 (#1) Oct 27 18:49:44 <machine name> kernel: Packet log: input DENY ppp0 PROTO=17 218.236.125.2:1025 80.138.166.77:137 L=78 S=0x00 I=8071 F=0x0000 T=115 (#1) Oct 27 18:53:00 <machine name> kernel: Packet log: input DENY ppp0 PROTO=17 61.38.182.76:1026 80.138.166.77:137 L=78 S=0x00 I=5021 F=0x0000 T=115 (#1) Oct 27 18:57:34 <machine name> kernel: Packet log: input DENY ppp0 PROTO=17 166.114.99.98:1028 80.138.166.77:137 L=78 S=0x00 I=12835 F=0x0000 T=115 (#1) Oct 27 19:03:25 <machine name> kernel: Packet log: input DENY ppp0 PROTO=17 200.50.44.229:1025 80.138.166.77:137 L=78 S=0x00 I=58195 F=0x0000 T=18 (#1) Oct 27 19:08:07 <machine name> kernel: Packet log: input DENY ppp0 PROTO=17 211.229.185.71:1026 80.138.166.77:137 L=78 S=0x00 I=23629 F=0x0000 T=12 (#1) Oct 27 19:08:36 <machine name> kernel: Packet log: input DENY ppp0 PROTO=17 218.234.92.96:1027 80.138.166.77:137 L=78 S=0x00 I=61871 F=0x0000 T=116 (#1) Oct 27 19:10:55 <machine name> kernel: Packet log: input DENY ppp0 PROTO=17 211.35.191.145:1071 80.138.166.77:137 L=78 S=0x00 I=24863 F=0x0000 T=113 (#1) Oct 27 19:11:25 <machine name> kernel: Packet log: input DENY ppp0 PROTO=17 63.215.155.248:1026 80.138.166.77:137 L=78 S=0x00 I=32101 F=0x0000 T=121 (#1) Oct 27 19:12:50 <machine name> kernel: Packet log: input DENY ppp0 PROTO=17 212.71.38.132:1028 80.138.166.77:137 L=78 S=0x00 I=33174 F=0x0000 T=119 (#1) Oct 27 19:18:22 <machine name> kernel: Packet log: input DENY ppp0 PROTO=17 210.214.156.1:1025 80.138.166.77:137 L=78 S=0x00 I=24707 F=0x0000 T=113 (#1) ############################################################# -- Key on: http://home.t-online.de/home/520050060325-0001/ Key fingerprint = 5FFA E2D1 6DB5 C023 0C5F 3FA7 4E08 5F9F 1560 0BA8 Home Page: www.geocities.com/wolfgangpfeiffer/ -- END TRANSMISSION -- -- redhat-list mailing list unsubscribe mailto:redhat-list-request@;redhat.com?subject=unsubscribe https://listman.redhat.com/mailman/listinfo/redhat-list
