This all points to the name server at you ISP being "owned" by a hacker. Many, many hacker tools (including port scanners like nmap) have the option to attack with a source port of 53. I would ask your ISP to stop attacking you network and see what they say :-) Cheers Nix At 05:51 PM 24/05/2001, you wrote:
* Jörg Schütter <joerg.schuetter@gmx.de> [010524 10:42]:
Is there a nfs-server running on 212.156.196.114 ? If a name-lookup is startet the source-port is a free one above 1024. If there is no nfs-server running on this computer averityhing seems to bee all right.
No there is no nfs server running on that pc on the other hand I have checked my logs and found that 212.156.4.20 (nameserver of my ISP) had made requests to port 137 which were also denied by IPCHAINS.
So if there is an err; is it on my side (ie firewall configuration )or at the ISP side ?
-- Togan Muftuoglu
--------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Viel Spaß Nix - nix@susesecurity.com http://www.susesecurity.com