Fwd: RE: [suse-security] My SuSEFirewall blocks something than my LAM can not surfing in internet anymore.
Hi Prabu
you see that it is ssh if you look at the destination port DST it is 22 or SSH.
Ian
---------- Forwarded Message ----------
Subject: RE: [suse-security] My SuSEFirewall blocks something than my LAM can
not surfing in internet anymore.
Date: Fri, 28 Feb 2003 06:01:33 -0800 (PST)
From: Prabu Subroto
Hi Prabu,
Sorry to say so, but this trace shows nothing more than a connection-trace of your ssh-session (DPT=22 ...). Don't tail /var/log/messages, it's quite big and gets filled really fast. Do a "cat /var/log/messages|grep DTP=80|grep -v DST=192.168.23.10" in order to get all the outgoing http-stuff.
so long, Stefan
btw. I'm called Stefan - it's a bit queer here in Austria, we always put the last name in front ;-)
From: Prabu Subroto [mailto:prabu_subroto@yahoo.com]
Dear my friend, Peer...
Today morning, it happened again. I follow your advice and this is the 60 lines of my "/var/log/messages" file:
"
proxy:/var/log # tail -n 60 messages
Feb 27 14:04:49 proxy kernel: SuSE-FW-ACCEPT-ALL-INTERNAL IN=eth0 OUT= MAC=00:50:bf:77:77:d5:00:50:bf:77:80:49:08:00 SRC=192.168.23.237 DST=192.168.23.10 LEN=52 TOS=0x10 PREC=0x00 TTL=64 ID=4343 DF PROTO=TCP SPT=1132 DPT=22
It is embarrassing.....:(
I will do that again if the problem happened again. I will grep correctly.
Thank you...
--- Ian David Laws
Hi Prabu
you see that it is ssh if you look at the destination port DST it is 22 or SSH.
Ian
---------- Forwarded Message ----------
Subject: RE: [suse-security] My SuSEFirewall blocks something than my LAM can not surfing in internet anymore.
Date: Fri, 28 Feb 2003 06:01:33 -0800 (PST)
From: Prabu Subroto
To: SuSE Security Milis
Dear Peer....
I tried the command line from you. But the output is empty... I grep nothing...
I will repeat this threat from you if the problem comes again. Btw, how can you know that what I send to you was only ssh?
Please help me, I am stuck...
--- Peer Stefan wrote:
Hi Prabu,
Sorry to say so, but this trace shows nothing more than a connection-trace of your ssh-session (DPT=22 ...). Don't tail /var/log/messages, it's quite big and gets filled really fast. Do a "cat /var/log/messages|grep DTP=80|grep -v DST=192.168.23.10" in order to get all the outgoing http-stuff.
so long, Stefan
btw. I'm called Stefan - it's a bit queer here in Austria, we always put the last name in front ;-)
From: Prabu Subroto [mailto:prabu_subroto@yahoo.com]
Dear my friend, Peer...
Today morning, it happened again. I follow your advice and this is the 60 lines of my "/var/log/messages" file:
"
proxy:/var/log # tail -n 60 messages
Feb 27 14:04:49 proxy kernel: SuSE-FW-ACCEPT-ALL-INTERNAL IN=eth0 OUT= MAC=00:50:bf:77:77:d5:00:50:bf:77:80:49:08:00 SRC=192.168.23.237 DST=192.168.23.10 LEN=52 TOS=0x10 PREC=0x00 TTL=64 ID=4343 DF PROTO=TCP SPT=1132 DPT=22
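An added example, not part of the thread: a field-aware filter for the log format quoted above, where the destination port is the `DPT=` field and the destination address is the `DST=` field. It compares whole field values, which plain substring matching with grep does not. The sample lines, the `SuSE-FW-DROP-DEFAULT` prefix, the 203.0.113.x address and the names `sample_log` and `fw_match` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample lines in the log format quoted in the thread (MAC and
# trailing fields omitted); 203.0.113.x are documentation addresses.
sample_log() {
cat <<'EOF'
Feb 27 14:04:49 proxy kernel: SuSE-FW-ACCEPT-ALL-INTERNAL IN=eth0 OUT= SRC=192.168.23.237 DST=192.168.23.10 LEN=52 PROTO=TCP SPT=1132 DPT=22
Feb 27 14:05:02 proxy kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT=eth1 SRC=192.168.23.237 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=1140 DPT=80
Feb 27 14:05:03 proxy kernel: SuSE-FW-ACCEPT-ALL-INTERNAL IN=eth0 OUT= SRC=192.168.23.237 DST=192.168.23.10 LEN=60 PROTO=TCP SPT=1141 DPT=80
Feb 27 14:05:04 proxy kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT=eth1 SRC=192.168.23.237 DST=203.0.113.5 LEN=60 PROTO=TCP SPT=1142 DPT=8080
Feb 27 14:05:05 proxy kernel: SuSE-FW-ACCEPT-ALL-INTERNAL IN=eth0 OUT= SRC=192.168.23.237 DST=192.168.23.100 LEN=60 PROTO=TCP SPT=1143 DPT=80
EOF
}

# fw_match DPT [EXCLUDED_DST]: read log lines on stdin and print
# "prefix SRC DST PROTO DPT" for packets to that destination port,
# skipping packets addressed to EXCLUDED_DST (hypothetical helper).
fw_match() {
    awk -v port="$1" -v skip="$2" '
    {
        split("", f)                       # reset the field table per line
        prefix = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^SuSE-FW-/) prefix = $i
            eq = index($i, "=")
            if (eq > 1) f[substr($i, 1, eq - 1)] = substr($i, eq + 1)
        }
        # Whole-value comparison: port 80 does not match DPT=8080, and
        # excluding 192.168.23.10 does not also drop 192.168.23.100.
        if (f["DPT"] == port && f["DST"] != skip)
            print prefix, f["SRC"], f["DST"], f["PROTO"], f["DPT"]
    }'
}

# HTTP packets not addressed to the proxy itself; on a live system the
# input would be the log file: fw_match 80 192.168.23.10 < /var/log/messages
sample_log | fw_match 80 192.168.23.10
```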