OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: ipchains newbee question
From: Koen Serry (KoenSERRY.ORG)
Date: Wed Oct 04 2000 - 14:48:54 CDT

Hi all,

I'm not writing much too this mailling list as I'm learning to setup
ipchains for the moment and feel far from competent enough.
So far i've been able to set up the standard RH firewall script (easy I
know) and understand what it does. But now my logs clutter with this stuff

Oct 4 21:31:13 www kernel: Packet log: input DENY eth0 PROTO=17
192.168.254.1:138 192.168.254.255:138 L=241 S=0x00 I=54749 F=0x0000 T=64
(#12)
Oct 4 21:31:13 www kernel: Packet log: input DENY eth0 PROTO=17
192.168.254.1:138 192.168.254.255:138 L=232 S=0x00 I=54750 F=0x0000 T=64
(#12)
Oct 4 21:37:06 www kernel: Packet log: input DENY eth0 PROTO=17
192.168.254.254:520 224.0.0.9:520 L=72 S=0x00 I=34933 F=0x0000 T=60 (#12)
Oct 4 21:37:36 www kernel: Packet log: input DENY eth0 PROTO=17
192.168.254.254:520 192.168.254.255:520 L=72 S=0x00 I=34934 F=0x0000 T=60
(#12)

Now since neither port 138 as 520 sound familiar I though maybe one of you
could help me out. What are they? Is someone trying to get in or out?

Thanks in advance
Koen Serry