NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > FOCUS-Linux> 2000-q4

Subject: Re: ipchains newbee question
From: Herban Octavian (taviTRANSART.RO)
Date: Thu Oct 05 2000 - 02:18:54 CDT

Next message: Herban Octavian: "Re: How do i limit user processes (number / cpu usage) on slack 7.0 kernel 2.2.17?"
Previous message: Daniel Knighten: "Re: Subnetting, firewall setup"
In reply to: Koen Serry: "ipchains newbee question"
Next in thread: John Sage: "Re: ipchains newbee question (long)"
Reply: Herban Octavian: "Re: ipchains newbee question"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

   Hi all. This is my first post on this list, please escuse my english.
   The port 138 is the port used by windows machines (or samba on linux).
It's "NETBIOS Datagram Service" as is defined in /etc/services.
   The 520 port is used (if I know well) to exchange routing information
between routers that uses dynamically routing protocols (eq RIP).
   All the pachets you show on the log are sent via broadcast. This is the
normal way of working of both netbios datagram and rip protocols.

Have a nice day,

Tavi

-----Original Message-----
From: Focus on Linux Mailing List
[mailto:FOCUS-LINUXSECURITYFOCUS.COM]On Behalf Of Koen Serry
Sent: Wednesday, October 04, 2000 10:49 PM
To: FOCUS-LINUXSECURITYFOCUS.COM
Subject: ipchains newbee question

Hi all,

I'm not writing much too this mailling list as I'm learning to setup
ipchains for the moment and feel far from competent enough.
So far i've been able to set up the standard RH firewall script (easy I
know) and understand what it does. But now my logs clutter with this stuff

Oct 4 21:31:13 www kernel: Packet log: input DENY eth0 PROTO=17
192.168.254.1:138 192.168.254.255:138 L=241 S=0x00 I=54749 F=0x0000 T=64
(#12)
Oct 4 21:31:13 www kernel: Packet log: input DENY eth0 PROTO=17
192.168.254.1:138 192.168.254.255:138 L=232 S=0x00 I=54750 F=0x0000 T=64
(#12)
Oct 4 21:37:06 www kernel: Packet log: input DENY eth0 PROTO=17
192.168.254.254:520 224.0.0.9:520 L=72 S=0x00 I=34933 F=0x0000 T=60 (#12)
Oct 4 21:37:36 www kernel: Packet log: input DENY eth0 PROTO=17
192.168.254.254:520 192.168.254.255:520 L=72 S=0x00 I=34934 F=0x0000 T=60
(#12)

Now since neither port 138 as 520 sound familiar I though maybe one of you
could help me out. What are they? Is someone trying to get in or out?

Thanks in advance
Koen Serry

Next message: Herban Octavian: "Re: How do i limit user processes (number / cpu usage) on slack 7.0 kernel 2.2.17?"
Previous message: Daniel Knighten: "Re: Subnetting, firewall setup"
In reply to: Koen Serry: "ipchains newbee question"
Next in thread: John Sage: "Re: ipchains newbee question (long)"
Reply: Herban Octavian: "Re: ipchains newbee question"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]