Mailinglist Archive: opensuse-security (224 mails)
| < Previous | Next > |
Re: Fwd: RE: [suse-security] My SuSEFirewall blocks something than my LAM can not surfing in internet anymore.
- From: Prabu Subroto <prabu_subroto@xxxxxxxxx>
- Date: Fri, 28 Feb 2003 06:27:15 -0800 (PST)
- Message-id: <20030228142715.24698.qmail@xxxxxxxxxxxxxxxxxxxxxxx>
It is embarassing.....:(
I will do that again if the problem happened again. I
will grep correctly.
Thank you...
--- Ian David Laws <ian@xxxxxxxxxxxxxxxx> wrote:
> Hi Prabu
>
> you see that it is ssh if you look at the
> destination port DST it is 22 or SSH
> .
>
> Ian
>
> ---------- Forwarded Message ----------
>
> Subject: RE: [suse-security] My SuSEFirewall blocks
> something than my LAM can
> not surfing in internet anymore.
> Date: Fri, 28 Feb 2003 06:01:33 -0800 (PST)
> From: Prabu Subroto <prabu_subroto@xxxxxxxxx>
> To: SuSE Security Milis <suse-security@xxxxxxxx>
>
> Dear Peer....
>
> I tried the command line from you. But the output is
> empty...
> I grep nothing...
>
> I will repeat this threat from you if the problem
> comes again.
> Btw, how can you know that what I send to you was
> only
> ssh?
>
> Please help me, I am stucked...
>
> --- Peer Stefan <stefan.peer@xxxxxxxx> wrote:
> > Hi Prabu,
> >
> > Sorry to say so, but this trace shows nothing more
> > than a connection-trace of your ssh-session
> (DPT=22
> > ...).
> > Don't tail /var/log/messages, it's quite big and
> > gets filled really fast.
> > Do a "cat /var/log/messages|grep DTP=80|grep -v
> > DST=192.168.23.10" in order to get all the
> outgoing
> > http-stuff.
> >
> > so long,
> > Stefan
> >
> > btw. I'm called Stefan - it's a bit queer here in
> > Austria, we always put the last name in front ;-)
> >
> > > From: Prabu Subroto
> >
> > [mailto:prabu_subroto@xxxxxxxxx]
> >
> > > Dear my friend, Peer...
> > >
> > > Today morning, it happened again. I follow your
> >
> > advice
> >
> > > and this is the 60 lines of my
> "/var/log/messages"
> > > file:
> > > "
> > > proxy:/var/log # tail -n 60 messages
> > > Feb 27 14:04:49 proxy kernel:
> > > SuSE-FW-ACCEPT-ALL-INTERNAL IN=eth0 OUT=
> > > MAC=00:50:bf:77:77:d5:00:50:bf:77:80:49:08:00
> > > SRC=192.168.23.237 DST=192.168.23.10 LEN=52
> >
> > TOS=0x10
> >
> > > PREC=0x00 TTL=64 ID=4343 DF PROTO=TCP SPT=1132
> >
> > DPT=22
> >
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail:
> suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx,
> not here
>
__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/
I will do that again if the problem happened again. I
will grep correctly.
Thank you...
--- Ian David Laws <ian@xxxxxxxxxxxxxxxx> wrote:
> Hi Prabu
>
> you see that it is ssh if you look at the
> destination port DST it is 22 or SSH
> .
>
> Ian
>
> ---------- Forwarded Message ----------
>
> Subject: RE: [suse-security] My SuSEFirewall blocks
> something than my LAM can
> not surfing in internet anymore.
> Date: Fri, 28 Feb 2003 06:01:33 -0800 (PST)
> From: Prabu Subroto <prabu_subroto@xxxxxxxxx>
> To: SuSE Security Milis <suse-security@xxxxxxxx>
>
> Dear Peer....
>
> I tried the command line from you. But the output is
> empty...
> I grep nothing...
>
> I will repeat this threat from you if the problem
> comes again.
> Btw, how can you know that what I send to you was
> only
> ssh?
>
> Please help me, I am stucked...
>
> --- Peer Stefan <stefan.peer@xxxxxxxx> wrote:
> > Hi Prabu,
> >
> > Sorry to say so, but this trace shows nothing more
> > than a connection-trace of your ssh-session
> (DPT=22
> > ...).
> > Don't tail /var/log/messages, it's quite big and
> > gets filled really fast.
> > Do a "cat /var/log/messages|grep DTP=80|grep -v
> > DST=192.168.23.10" in order to get all the
> outgoing
> > http-stuff.
> >
> > so long,
> > Stefan
> >
> > btw. I'm called Stefan - it's a bit queer here in
> > Austria, we always put the last name in front ;-)
> >
> > > From: Prabu Subroto
> >
> > [mailto:prabu_subroto@xxxxxxxxx]
> >
> > > Dear my friend, Peer...
> > >
> > > Today morning, it happened again. I follow your
> >
> > advice
> >
> > > and this is the 60 lines of my
> "/var/log/messages"
> > > file:
> > > "
> > > proxy:/var/log # tail -n 60 messages
> > > Feb 27 14:04:49 proxy kernel:
> > > SuSE-FW-ACCEPT-ALL-INTERNAL IN=eth0 OUT=
> > > MAC=00:50:bf:77:77:d5:00:50:bf:77:80:49:08:00
> > > SRC=192.168.23.237 DST=192.168.23.10 LEN=52
> >
> > TOS=0x10
> >
> > > PREC=0x00 TTL=64 ID=4343 DF PROTO=TCP SPT=1132
> >
> > DPT=22
> >
>
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail:
> suse-security-help@xxxxxxxx
> Security-related bug reports go to security@xxxxxxx,
> not here
>
__________________________________________________
Do you Yahoo!?
Yahoo! Tax Center - forms, calculators, tips, more
http://taxes.yahoo.com/
| < Previous | Next > |