Mailinglist Archive: opensuse (3103 mails)

Firewall Log Interpretation Requested
  • From: "L. Mark Stone" <LMStone@xxxxxxxxxxx>
  • Date: 11 Feb 2003 22:10:55 -0500
  • Message-id: <1045019455.2317.7.camel@xxxxxxxxxxxxxxxxxxxxxx>
Can anyone interpret the following firewall notices from
/var/log/messages?

I get these messages on bootup, and about once an hour or so thereafter.
I'm guessing that this is either my ISP (Verizon) trying to do a NetBIOS
call, or a bunch of machines running Kazaa trying to see what my box has
to share (not much...)

I'd just like to understand better how to determine if this probing is
innocuous, or with bad intent.

FYI the Linux box is connected to a D-Link DI-704P DSL router performing
DHCP. The D-Link device always assigns the IP address of 192.168.0.247
to the Linux box.

Thanks!
L. Mark Stone

Feb 11 21:58:52 bronxville kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0
OUT= MAC= SRC=192.168.0.247 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=5 DF PROTO=UDP SPT=137 DPT=137 LEN=76
Feb 11 21:58:52 bronxville kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0
OUT= MAC= SRC=192.168.0.247 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=6 DF PROTO=UDP SPT=137 DPT=137 LEN=76
Feb 11 21:58:52 bronxville kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0
OUT= MAC= SRC=192.168.0.247 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=7 DF PROTO=UDP SPT=137 DPT=137 LEN=76
Feb 11 21:58:52 bronxville kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0
OUT= MAC= SRC=192.168.0.247 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=8 DF PROTO=UDP SPT=137 DPT=137 LEN=76
Feb 11 21:58:52 bronxville kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0
OUT= MAC= SRC=192.168.0.247 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=9 DF PROTO=UDP SPT=137 DPT=137 LEN=76
Feb 11 21:58:52 bronxville kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0
OUT= MAC= SRC=192.168.0.247 DST=192.168.0.255 LEN=252 TOS=0x00 PREC=0x00
TTL=64 ID=11 DF PROTO=UDP SPT=138 DPT=138 LEN=232
Feb 11 21:58:53 bronxville kernel: IPv6 v0.8 for NET4.0
Feb 11 21:58:53 bronxville kernel: IPv6 over IPv4 tunneling driver
Feb 11 21:58:53 bronxville sshd[1061]: Server listening on :: port 22.
Feb 11 21:58:53 bronxville webmin[1059]: Webmin starting
Feb 11 21:58:54 bronxville kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0
OUT= MAC= SRC=192.168.0.247 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=17 DF PROTO=UDP SPT=137 DPT=137 LEN=76
Feb 11 21:58:54 bronxville kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0
OUT= MAC= SRC=192.168.0.247 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=18 DF PROTO=UDP SPT=137 DPT=137 LEN=76
Feb 11 21:58:54 bronxville kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0
OUT= MAC= SRC=192.168.0.247 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=19 DF PROTO=UDP SPT=137 DPT=137 LEN=76
Feb 11 21:58:54 bronxville kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0
OUT= MAC= SRC=192.168.0.247 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=20 DF PROTO=UDP SPT=137 DPT=137 LEN=76
Feb 11 21:58:54 bronxville kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0
OUT= MAC= SRC=192.168.0.247 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=21 DF PROTO=UDP SPT=137 DPT=137 LEN=76
Feb 11 21:58:54 bronxville kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0
OUT= MAC= SRC=192.168.0.247 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=27 DF PROTO=UDP SPT=137 DPT=137 LEN=76
Feb 11 21:58:54 bronxville kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0
OUT= MAC= SRC=192.168.0.247 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=28 DF PROTO=UDP SPT=137 DPT=137 LEN=76
Feb 11 21:58:54 bronxville kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0
OUT= MAC= SRC=192.168.0.247 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=29 DF PROTO=UDP SPT=137 DPT=137 LEN=76
Feb 11 21:58:54 bronxville kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0
OUT= MAC= SRC=192.168.0.247 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=30 DF PROTO=UDP SPT=137 DPT=137 LEN=76
Feb 11 21:58:54 bronxville kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0
OUT= MAC= SRC=192.168.0.247 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=31 DF PROTO=UDP SPT=137 DPT=137 LEN=76
Feb 11 21:58:55 bronxville SuSEfirewall2: Firewall rules successfully
set from /etc/sysconfig/SuSEfirewall2
Feb 11 21:58:55 bronxville kernel: PCI: Setting latency timer of device
00:04.5 to 64
Feb 11 21:58:56 bronxville kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0
OUT= MAC= SRC=192.168.0.247 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=37 DF PROTO=UDP SPT=137 DPT=137 LEN=76
Feb 11 21:58:56 bronxville kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0
OUT= MAC= SRC=192.168.0.247 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=38 DF PROTO=UDP SPT=137 DPT=137 LEN=76
Feb 11 21:58:56 bronxville kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0
OUT= MAC= SRC=192.168.0.247 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=39 DF PROTO=UDP SPT=137 DPT=137 LEN=76
Feb 11 21:58:56 bronxville kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0
OUT= MAC= SRC=192.168.0.247 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=40 DF PROTO=UDP SPT=137 DPT=137 LEN=76
Feb 11 21:58:56 bronxville kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0
OUT= MAC= SRC=192.168.0.247 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=41 DF PROTO=UDP SPT=137 DPT=137 LEN=76



--
___________________________________________________________________
A Message From... L. Mark Stone
http://www.lmstone.com
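
An added example, not part of the original post: a small Python triage script that rejoins the mail-wrapped SuSEfirewall2 entries, parses their fields, and counts them by log prefix, whether SRC is the box's own address, destination type, and NetBIOS service. The function names are made up for illustration, the sample is constructed from entries quoted in the post, and the local address 192.168.0.247 and broadcast address 192.168.0.255 are taken from the post.

```python
import re
from collections import Counter

# Constructed sample in the wrapped form the post shows (values taken from the post).
SAMPLE = """\
Feb 11 21:58:52 bronxville kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0
OUT= MAC= SRC=192.168.0.247 DST=192.168.0.255 LEN=96 TOS=0x00 PREC=0x00
TTL=64 ID=5 DF PROTO=UDP SPT=137 DPT=137 LEN=76
Feb 11 21:58:52 bronxville kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0
OUT= MAC= SRC=192.168.0.247 DST=192.168.0.255 LEN=252 TOS=0x00 PREC=0x00
TTL=64 ID=11 DF PROTO=UDP SPT=138 DPT=138 LEN=232
Feb 11 21:58:53 bronxville sshd[1061]: Server listening on :: port 22.
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")  # syslog timestamp
ENTRY = re.compile(r"kernel: (SuSE-FW-\S+) (.*)")
NETBIOS = {"137": "netbios-ns", "138": "netbios-dgm"}

def unwrap(text):
    """Rejoin entries that mail wrapping split across several lines."""
    entries = []
    for line in text.splitlines():
        if STAMP.match(line) or not entries:
            entries.append(line.strip())
        elif line.strip():
            entries[-1] += " " + line.strip()
    return entries

def parse(entry):
    """Return (prefix, fields) for a SuSEfirewall2 kernel entry, else None."""
    m = ENTRY.search(entry)
    if not m:
        return None
    # LEN appears twice (IP length, then UDP length); keep the first value seen.
    fields = {}
    for key, value in re.findall(r"(\w+)=(\S*)", m.group(2)):
        fields.setdefault(key, value)
    return m.group(1), fields

def summarize(text, local_ip, broadcast):
    """Count firewall entries by (prefix, origin, destination kind, service)."""
    counts = Counter()
    for prefix, f in filter(None, map(parse, unwrap(text))):
        origin = "own-address" if f.get("SRC") == local_ip else "other-host"
        dest = "broadcast" if f.get("DST") == broadcast else "unicast"
        service = NETBIOS.get(f.get("DPT"), "port-" + f.get("DPT", "?"))
        counts[(prefix, origin, dest, service)] += 1
    return counts
```

Calling summarize(SAMPLE, "192.168.0.247", "192.168.0.255") returns a Counter whose keys show at a glance which dropped packets carry the machine's own address as source and which come from some other host.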



