![](https://seccdn.libravatar.org/avatar/9ce8c734ed6b454ea1f6aacc42944c8f.jpg?s=120&d=mm&r=g)
On Sunday 25 July 2004 17:24, Bob wrote:
Hello.
Since some time I see my syslogs polluted with messages like the following (more or less - I hide my IP by x's and MAC address by y's): Jul 25 18:18:58 xxxxx kernel: SFW2-INext-DROP-DEFLT IN=eth0 OUT= MAC=yyyy SRC=xx.xx.xx.xx DST=xx.xx.xx.xx LEN=48 TOS=0x00 PREC=0x00 TTL=122 ID=63989 DF PROTO=TCP SPT=3245 DPT=135 WINDOW=16384 RES=0x00 SYN URGP=0 OPT (020405B401010402)
What does it mean ? Is my ethernet card malfunctioning ?
No, it's your firewall warning that somebody tried to access your system, but that it was caught and dropped. They tried to access port 135 (DPT=135) which is listed as: epmap 135/tcp # DCE endpoint resolution in /etc/services. SRC=x.x.x.x is theoretically where it came from, which you could check with: host x.x.x.x I wouldn't worry too much. Probably just some script kiddie port scanning, or Yet Another Windows Virus TM that's doing the same. It's the attacks that aren't logged that'll bite you. -- Steve Boddy