On Monday 29 September 2003 07:59, John Lamb wrote:
Tom Nielsen wrote:
Sep 28 22:31:31 linux kernel: SuSE-FW-DROP-DEFAULT IN=eth0 OUT= MAC=00:50:da:0b:71:ce:00:02:3b:00:ab:32:08:00 SRC=4.3.91.228 DST=4.3.48.25 LEN=48 TOS=0x00 PREC=0x00 TTL=120 ID=34984 DF PROTO=TCP SPT=3578 DPT=135 WINDOW=64240 RES=0x00 SYN URGP=0 OPT (020405B401010402)
It's really bugging me and is causing problems getting and receiving email. Anyone know what I can do?
Port 135 (DPT=135) is used for M$ RPC calls and its security holes are exploited by various M$ diseases (I think lovsan is one). I've a SuSE box on a 16-bit network with lots of Win2k boxen on it and I get about 60 of these a day at the moment.
I'm on a subnet of a university system and must be seeing more like 60 an hour. If you're running Samba, of course, your machines can get pestered on this port, though I suppose any worm payload won't do real damage. I have SuSEfirewall2 set up so that it filters out everything SMB but my own subnet to avoid this. I suppose it will die off eventually, but it's been going on for weeks now. Best Fergus
There's not much you can do other than change ISP. Eventually the messages will die away.
-- JDL
Non enim propter gloriam, diuicias aut honores pugnamus set propter libertatem solummodo quam Nemo bonus nisi simul cum vita amittit.
-- Fergus Wilde Chetham's Library Long Millgate Manchester M3 1SB Tel: +44 161 834 7961 Fax: +44 161 839 5797 http://www.chethams.org.uk