Mailinglist Archive: opensuse (4348 mails)

< Previous Next >
RE: [SLE] SuSEfirewall


I'll break it down for you

> Oct 3 07:34:12 Gringo kernel: SuSE-FW-DROP
Header


IN=ippp0
Connection from ippp0 ( I assume this is your public connection)

>SRC=80.59.176.41 DST=150.101.6.219
Self explanitory IP 80.59.176.41 is connecting to 150.101.6.219

LEN=48 TOS=0x00 PREC=0x00
> TTL=103 ID=33501
> DF PROTO=TCP SPT=54286 DPT=139 WINDOW=8192 RES=0x00 SYN URGP=0 OPT

It's trying to establish a connection to port 139. typically these are
signs
Of nimda making its way around the net. See the link below for more
info
And a really nice log analysis tool.

http://logi.cc/linux/NetfilterLogAnalyzer.php3#1


< Previous Next >
Follow Ups
References