![](https://seccdn.libravatar.org/avatar/b4ffd6b9532abeb80ea5f28b9ca43db5.jpg?s=120&d=mm&r=g)
Stephen Boddy a écrit :
On Sunday 25 July 2004 17:24, Bob wrote:
Hello.
Since some time I see my syslogs polluted with messages like the following (more or less - I hide my IP by x's and MAC address by y's): Jul 25 18:18:58 xxxxx kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=yyyy SRC=xx.xx.xx.xx DST=xx.xx.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=63989 DF PROTO=TCP SPT=3245 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
What does it mean ? Is my ethernet card malfunctioning ?
No, it's your firewall warning that somebody tried to access your system, but that it was caught and dropped. They tried to access port 135 (DPT=135) which is listed as: epmap 135/tcp # DCE endpoint resolution in /etc/services. SRC=x.x.x.x is theoretically where it came from, which you could check with: host x.x.x.x I wouldn't worry too much. Probably just some script kiddie port scanning, or Yet Another Windows Virus TM that's doing the same. It's the attacks that aren't logged that'll bite you. Thank you. This list is a goodie, really ! But how could I tell to the firewall to speak a bit less ? Robert