Hello all,
I have many ANTI-SPOOFINGs. I spoofed from my public IP to my broadcast and I do not why? Here is the log file that I got: Jun 5 14:49:55 server1 kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0 OUT= MAC= SRC=[My Public IP] DST=[My Public Broadcast] LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=32
Does it mean that someone tries to hack me? If it is, how can I protect myself from hacking?
Thank you so much for your assistance.
Best regards, Chan Choth
Hi,
this behavor of SuSEfirewall2 is normal if the broadcast is issued from your machine itself. The anti-spoofing-rules complain about EVERYTHING that arrives non your network interface and has your own source IP. If you run software that uses UDP port 520 (RIP) and everything works fine, just ignore the warnings; they are part of normal operation. If you need to receive those packets, add a custom rule to your SuSEfirewall2-custom file (don't forget to activate this file in the main script). Note that you won't notice when anybody on your subnet would send spoofed broadcast packets on UDP port 520 with your IP address. You can also use custom rules to silently drop those packets without being logged. This is useful for packets considered harmless, so only real warnings get logged.
Regards, Holger
Am Donnerstag, 5. Juni 2003 09:57 schrieb Puth Chan Choth:
Hello all,
I have many ANTI-SPOOFINGs. I spoofed from my public IP to my broadcast and I do not why? Here is the log file that I got: Jun 5 14:49:55 server1 kernel: SuSE-FW-DROP-ANTI-SPOOFING IN=eth0 OUT= MAC= SRC=[My Public IP] DST=[My Public Broadcast] LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=520 DPT=520 LEN=32
Does it mean that someone tries to hack me? If it is, how can I protect myself from hacking?
Thank you so much for your assistance.
Best regards, Chan Choth
Hi!
I am running Suse 8.0 and try to configure sendmail (not postfix) to allow relaying via SMTP-AUTH with plaintext auth. I try all the possibilities found in the readme's but it seem it does not work.
The server tell me that it accept AUTH and also AUTH with PLAIN and LOGIN but it always return an error if I tra to connect with AUTH.
here the answers: ---------------- 220 garfield.pcs ESMTP Sendmail 8.12.7/8.12.7/SuSE Linux 0.6; Thu, 12 Jun 2003 16:03:14 +0200 ehlo pcs-at.com 250-garfield.pcs Hello localhost [127.0.0.1], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH LOGIN PLAIN 250-DELIVERBY 250 HELP ---------------- and the error message from kmail is:
"Ihr SMTP-Server unterstützt PLAIN nicht" a free translation of this is "the SMTP-Server does not support PLAIN"
anny suggestions?
Rainer Pietsch schrieb:
I am running Suse 8.0 and try to configure sendmail (not postfix) to allow relaying via SMTP-AUTH with plaintext auth.
The user "test" with password "test" is as local user and as sasl user present. the conversation with plain is:
220 garfield.pcs ESMTP Sendmail 8.12.7/8.12.7/SuSE Linux 0.6; Thu, 12 Jun 2003 17:17:41 +0200 ehlo garfield 250-garfield.pcs Hello tux.pcs [172.19.11.10], pleased to meet you 250-ENHANCEDSTATUSCODES 250-PIPELINING 250-8BITMIME 250-SIZE 250-DSN 250-ETRN 250-AUTH LOGIN PLAIN 250-DELIVERBY 250 HELP AUTH PLAIN dGVzdAB0ZXN0AHRlc3Q= 535 5.7.0 authentication failed quit 221 2.0.0 garfield.pcs closing connection
-
Holger Schletz -
Puth Chan Choth -
Rainer Pietsch