-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Friday 01 August 2003 02:13, jalal wrote: <snip>
Well, I'm no expert, but I've been looking at such things for a little while (I got curious about some log entries, same as you).
SuSE-FW-DROP-DEFAULT means that the packet has been silently dropped, which is a *good* thing. LEN is the length of the packet. TOS,PREC,TTL,ID are of little interest. SPT is the source port DPT is the destination port.
It looks like someone probing your ports, although why they would stick to that range of ports is a bit strange. Is it the RIAA (what port does Kazaa use???).
If you're real curious, its interesting to capture packets for a while, and then peek inside them, for which I use ethereal. The log above gives the time of the packet of interest, then you can look at the contents of the packet through etheral.
HTH helps, if anyone has more in depth info, it would be good.
cheers, jalal
Yessir, that helped a lot, since you've now made me just a tad less ignorant. As for it being RIAA...who knows, but if it was, they were looking in the wrong spot(s) I guess, since anyone else who's wanted to has been able to look at the files in my shared directory...and not had to take almost 4 minutes doing so, heh. I think I tried to install ethereal once, but some dependency I had to install for it to work wouldn't install, so I gave up. I'll look into it again though...maybe something's changed somewhere. Thanks again, I appreciate it. John -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) iD8DBQE/KoylH5oDXyLKXKQRAjFYAJ4saW8sIa7ZATxc+1z23ywagNFvBACfVGPL I3vZbaqMNs2p5zRgpyWlr8c= =ku5B -----END PGP SIGNATURE-----