Re: newbie iptables question
Hi

What those lines are saying is that on your ppp0 interface (your dialup) you got a SYN packet from 201.129.122.85 (SRC) to 12.65.24.43 (DST) sent from port 4346 (SPT) to port 445 (DPT). SYN packets are sent to establish a connection. Port 445 is listed as microsoft-ds (Microsoft Naked CIFS) so I would guess it was some search for windows machines for some exploit ...

But what you need to know to learn how to read the logs is:

SRC = reported sending IP for the packet.
DST = reported target IP for the packet.
SPT = reported sending port for the packet.
DPT = reported target port for the packet.

For the target port you can often find it in /etc/services if it's a standard port for a known service.

Hope this cleared this up a little, I'm not that much of a teacher ... :)

/Martin

13 Aug 2004, Wanda Round wrote:

> After reading that I should look through /var/log/messages, I did
> and found many lines like these:
>
> Aug 12 04:36:53 towern kernel: |iptables -- IN=ppp0 OUT= MAC=
> SRC=201.129.122.85 DST=12.65.24.43 LEN=48 TOS=0x00 PREC=0x00 TTL=115
> ID=40023 DF PROTO=TCP SPT=4346 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
>
> Aug 12 04:40:59 towern kernel: |iptables -- IN=ppp0 OUT= MAC=
> SRC=83.36.139.197 DST=12.65.24.43 LEN=52 TOS=0x00 PREC=0x00 TTL=46
> ID=19155 DF PROTO=TCP SPT=4845 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0
>
> The 12.65.24.43 was my dialup connection. The 201.129.etc and 83.36.etc
> were from Mexico and Spain.
>
> MAN iptables didn't help me at all!
>
> What are these lines telling me? Where can I find a simpler explanation
> of iptables logs?
>
> --
> Wanda
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

--
/Martin Grape
Network and System Admin
Trema Laboratories SARL

Email : [EMAIL PROTECTED] | 1300 route des Cretes
Phone : +33-4-92384149 | Parc de Sophia-Antipolis
GSM : +33-6-30655938 | F-06560 Valbonne, France
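Added example, not part of the original thread: a small parser that applies the SRC/DST/SPT/DPT reading described above to the two log lines quoted in the message and resolves the destination port by name. The function names and the services excerpt are assumptions made for this example; the excerpt is constructed in /etc/services format so the code runs offline.

```python
# The two kernel log lines quoted in the thread, each re-joined onto one line.
LOG_LINES = [
    "Aug 12 04:36:53 towern kernel: |iptables -- IN=ppp0 OUT= MAC= "
    "SRC=201.129.122.85 DST=12.65.24.43 LEN=48 TOS=0x00 PREC=0x00 TTL=115 "
    "ID=40023 DF PROTO=TCP SPT=4346 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0",
    "Aug 12 04:40:59 towern kernel: |iptables -- IN=ppp0 OUT= MAC= "
    "SRC=83.36.139.197 DST=12.65.24.43 LEN=52 TOS=0x00 PREC=0x00 TTL=46 "
    "ID=19155 DF PROTO=TCP SPT=4845 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0",
]

# Constructed excerpt in /etc/services format: name, port/protocol, aliases.
SERVICES = """\
sunrpc          111/tcp    portmapper   # RPC port mapper
microsoft-ds    445/tcp
microsoft-ds    445/udp
"""

TCP_FLAGS = {"SYN", "ACK", "FIN", "RST", "PSH", "URG"}

def load_services(text):
    """Map (port, protocol) to service name, ignoring comments and blanks."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and "/" in fields[1]:
            port, proto = fields[1].split("/", 1)
            table.setdefault((int(port), proto.lower()), fields[0])
    return table

def parse_line(line):
    """Split the text after 'kernel:' into KEY=VALUE fields and bare TCP flags."""
    fields, flags = {}, set()
    for tok in line.split("kernel:", 1)[-1].split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value
        elif tok in TCP_FLAGS:
            flags.add(tok)
    return fields, flags

def describe(line, services):
    """Summarise one log line; ports are None for protocols without them."""
    f, flags = parse_line(line)
    proto = f.get("PROTO", "").lower()
    spt = int(f["SPT"]) if "SPT" in f else None
    dpt = int(f["DPT"]) if "DPT" in f else None
    return {"iface": f.get("IN"), "src": f.get("SRC"), "dst": f.get("DST"),
            "proto": proto, "spt": spt, "dpt": dpt,
            "service": services.get((dpt, proto), "unknown"),
            # SYN without ACK is the first packet of a connection attempt.
            "new_connection": "SYN" in flags and "ACK" not in flags}
```

Calling `describe(line, load_services(SERVICES))` for each entry of `LOG_LINES` gives one summary per packet; on a real system the contents of /etc/services can be passed to `load_services` instead of the excerpt.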
Re: port 16001 and 111
15 Oct 2002, Jussi Ekholm wrote:

> Still, the connection attempt from localhost to port 111 puzzles me...

Off the top of my head: Do you have any nfs services running on the machine? I seem to remember sunrpc being used by the nfs-server ...

--
/Martin Grape
Network and System Admin
Trema (Europe) AB

Email : [EMAIL PROTECTED] | Trema (Europe) AB
Phone : +46-8-4061161 | Drottningatan 33, 1st floor
GSM : +46-70-6326350 | S-103 24 Stockholm, Sweden
Re: A Linux version of system and network monitoring?
29 Apr 2002, Crawford Rainwater wrote:

> Folks,
>
> Does anyone know of a Linux based system and network
> monitoring program out there? Similar to Tivoli or
> HP OpenView, preferably under GPL and free? If so,
> links and such would be great.
>
> This would be used to monitor a remote system being
> "up" or "down" along with potentially UPS networked
> device as well.
>
> Thanks in advance.
>
> --- Crawford

http://www.netsaint.org/ might be what you're looking for.

--
/Martin Grape
Network and System Admin
Trema (Europe) AB

Email : [EMAIL PROTECTED] | Trema (Europe) AB
Phone : +46-8-4061161 | Drottningatan 33, 1st floor
GSM : +46-70-6326350 | S-103 24 Stockholm, Sweden